More people have access to the internet than ever before. This has prompted many organizations to develop web-based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers.
- Hacking via online SQL injection
- Hacking with basic HTML coding
Hacking Website using Online SQL Injection
The following steps are followed to hack a website using SQL injection:Step #1
Open google.com by using your system's Firefox and type in inurl:.php?id= You will see a list of websites with dork PHP. Click on any of them.Step #2
Insert an apostrophe at the end of the URL to check if the website is vulnerable. If it says, "you have an error in your SQL syntax", then it indicates that the website is most likely to be vulnerable and hence proceed.Step #3
Remove the apostrophe and add order by 2—to see how many columns the website has and perhaps the most important work you have to do here. Keep testing with 3--, 4--, 5-- till you receive a message like "unknown column".Step #4
Delete the ‘12 order by‘ and replace it with null union all select 1,2,3,4,5,6,7,8,9,10-- After the page loads, you will see a few numbers. Pick the top one. For instance, if it is 7 then replace 7 in the URL with @@Version. It will show the 5.092 community which is great as it means that the database version is over 5 (fundamentally meaning it can be hacked).Step #5
Now replace @@version with group_concat(table_name) and after the last number, add from information_schema.tables where table_schema=database()--Step #6
Replace both tables in the URL with a column. You will get all the information the website has. Obtain those interesting to you, for example, username, full name, etc. Replace column_name with username,0x3a,pass and replace all the information tags with users--. You will get all the usernames and passwords associated with the website. If it says ‘unknown username and blank list', it means you have the wrong table, and you will have to go back and look for a different table. It could also mean that you can select another way to hack a website, like the product.Here, the usernames are displayed first because it comes before the pass in the URL.
Step #7
To log in you will have to google admin page finder and then click on the first link. Follow the instructions and get your own admin page finder login. Following this, log in with any of the logins you have secured. Click on the profile after it logs in and you will find all the details needed.How to hack a website via basic HTML coding - HTML Hack
If you possess basic HTML and JavaScript knowledge, you might just be able to access websites that are password protected. This last method will present to you easy steps on how to hack an account on any website less secure website of your choice through HTML. Remember that this method only works for websites with very low-security details.Step #1
Open the website you need to hack. In its sign-in form, enter the wrong username and wrong password combination. You will find an error popup saying the wrong username and password.Step #2
Right-click on that error page > and go to view source.Step #3
Open and view the source code. There you will see the HTML coding with JavaScript.You will find something like this....<_form action="...Login....">
Before this login information copy the URL of the website on which you are.
Step #4
Carefully delete the JavaScript that validates your information on the server. This website can be successfully hacked based on how efficiently you delete the javascript code validating your account information.Step #5
Go to file > save as > and save it anywhere on your hard disk with ext.htmlStep #6
Reopen your target web i.e. 'chan.html' file that you earlier saved on your hard disk. You will see a few changes on the current page as compared to the original one. This indeed proves that you are on the right path.Step #7
Provide any username and password. You have thus successfully cracked a website and entered the account.Note: All the above steps are for educational purposes. we do not encourage or endorse any type of hacking.
Post a Comment