Disclaimer: Any damage/damages which may occur or arise using the information or by gaining knowledge through this particular post provided here lies solely on the person performing the act. I'm not responsible for any damage/damages of the same. What is written here, is provided solely on informational purpose.
Even dreamed of Hacking a website? Ever wonder how to get into ones website and deface it?
Well dream it.. there's no harm in doing that; but don't practice it (Are you confident enough about hiding your traces behind?).
Words be, lemme tell you a few live hacks done through SQL injections. You can try right now as it works (by the time this post is written) but CONSIDER doing it at your OWN RISK. What i'm telling here is more of a Ethical Hacking; that means, know that it can be done the way I'm explaining here, and find out how to protect from being a victim yourself.
It's simple. Most people think Hacking is for the master coders only, which rather is wrong. Of course some knowledge are required and depending on the level of security, one can break through any system. HACKING into a system can be minimize but you CAN'T guarantee a 100% secure system.. as there is always a way!!
So now, here are some sites which lack some serious security measures:
Uttar Pradesh technical University website -http://uptu.ac.in/ (To login, goto login on the top right, go to college login, and then choose VC)http://myredfm.com/ (To login Goto http://myredfm.com/admin)
What the web developer of these sites have done is, they forgot, or don't know how to use a escape string function (in PHP language). I won't go into details just for the sake of the laymen. They don't know or haven't implemented certain measure to exclude certain characters from being input by the user. When a site asked for a username & password, what happens is that, the code checks the username to the username existing in the database and compare with the password in the same row with the user input password. If both the conditions returns TRUE, then the user is shown the next password protected page.
Look at this: "1' or '1' = '1". Put the above in the username as well as the password field (without the double quotes). Here we formed an always TRUE condition as 1 always equals to 1. Or you can change it '2' = '2' or anything else. Now press enter and voila, you are at the backend of those sites. You can change anything from the backend.
