Skip to main content

SQL Injection ,Hacking PHP 4.4 sites in seconds

Today I am going to teach you how to hack a certain type of websites with very least efforts. Websites with PHP  4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and in just few steps you will access the admin's account of that website.

Remember,this tutorial is applicable on PHP 4.4 machines with Apache running in parallel with them. Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be sued!!!.

 Also this tutorial is only for educational purpose.

 Here we go!!!



Step 1 – Search for them

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.You can do this by searching inurl:adminlogin .

 Step 2 – Scan them

Start by scanning them using Nmap ,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie -

http://www.website.com:2000

and you will be comfortably login into admin page like this -



Step 3 – Hack them

Now in the fields,you have to type -

username – admin

password – a’ or 1=1 or ‘b

domain – a’ or 1=1 or ‘b



and press go,you will login into admin


Now you have entered the admin panel ,Congrats!!
Labels:

Comments

Post a Comment

Popular posts from this blog

How to create Bootable USB using Rufus

Rufus is a great software that allows you to create a bootable USB drive using an .ISO file.Its Ideal for installing programs and software on windows for whom CD drive are not available. In order to create a bootable USB drive you will need three things : 1 USB drive 2 Your .ISO file which you want to boot your USB with. 3. Rufus Let's get going!! STEP 1 First of all download Rufus , you can download it from their site -  https://rufus.akeo.ie/ Download the latest version (right now its Rufus 2.9). You don't need to install it , it runs directly STEP 2 : Inser the USB drive and open Rufus , make sure you take backup of all files in your USB drive because Rufus will format the USB before booting it. STEP 3: Once you have started Rufus check for all desired things. Make sure device field is set to the correct device(device that you want to boot i.e USB) Also Make Sure "Create a bootable disk " option is ticked else i...
Post a Comment
Read more

Software Testing through Fuzzing

Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash . Fuzzing is  often automated or semi-automated, that  involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing technique is commonly used to test for security problems in software or computer systems ans also used to discover coding errors and security loopholes in software, operating systems  or networks by inputting massive amounts of random data, called fuzz, to the system  in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes. There are two forms ...
Post a Comment
Read more