First SEARCH the following keywords in Google or any search engine:

admin\login.asp
login.asp

With these two search strings you will have plenty of targets to choose from … choose one that is vulnerable.

INJECTION STRINGS: How to use it?

This is the easiest part … very simple. On the login page just enter something like:

user: admin (you don't even have to put this.)
pass: ' or 1=1--

or

user: ' or 1=1--
admin: ' or 1=1--

Some sites will have just a password, so:

password: ' or 1=1--

In fact I have compiled a combo list with strings like this to use on my chosen targets. There are plenty of strings in the list below. There are many other strings involving, for instance, UNION table access via reading the error pages table structure; thus an attack with this method will eventually reveal admin U\P paths. The ones I am interested in are quick access to targets.

PROGRAM

I tried several programs to use with these search strings, and up to now only Ares has performed well, with quite a bit of success with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string combo? Example:

admin: ' or a=a--
admin: ' or 1=1--

And so on. You don't have to be admin and still can do anything you want. The most important part is, for example:

' or 1=1--

This is our basic injection string.

Now the only trudge part is finding targets to exploit. So I tend to search, say, Google for login.asp or whatever:

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result: http://www3.google.com/search?hl=en&ie=ISO… G=Google+Search

17,000 possible targets. Trying various searches spews out plenty more.

Now, using a proxy set in my browser, I click through interesting targets, seeing what's what on the site pages; if interesting, I then cut and paste the URL as a possible target. After an hour or so you have a list of sites of potential targets like so:

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list, because I don't select all results or spider for login pages. I then save the list, fire up Ares and enter:

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I don't want to go into problems with users using Ares.. thing is I know it works for me… Sit back and wait. Any target vulnerable will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on URL and ignore false outputs. I am still looking for it. This will save quite a bit of time going to each site and each string to find it's not exploitable. There you go, you should have access to your vulnerable target by now.

Another thing: you can use the strings in the URLs where user=? Edit the URL to the = part and paste ' or 1=1-- so it becomes user=' or 1=1-- just as quick as the login process.

Combo List

There are lot of other variations of the Injection String which I cannot put on my thread because that is
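
Why the basic string above gets through, and what stops it, as an added example that is not part of the original post: a login check that pastes form input into its SQL text parses ' or 1=1-- as query logic, while a parameterized query binds the same input as a plain value. Python's sqlite3 stands in for the ASP back end here; the table, accounts and function names are constructed for illustration.

```python
import sqlite3

PAGE_STRING = "' or 1=1--"   # the basic string quoted on this page

def make_db():
    """Constructed sample data: two accounts in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plaintext column mirrors legacy login pages; real systems store a salted hash.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-admin-pw"), ("bob", "constructed-bob-pw")])
    return db

def login_concatenated(db, user, password):
    """Vulnerable: form input is pasted into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone() is not None

def lookup_concatenated(db, user):
    """Vulnerable handler for the user= URL parameter case."""
    return db.execute("SELECT name FROM users WHERE name = '" + user + "'").fetchall()

def lookup_parameterized(db, user):
    """Hardened handler for the user= URL parameter case."""
    return db.execute("SELECT name FROM users WHERE name = ?", (user,)).fetchall()

def compare():
    """Run the page's string through each handler and return the outcomes."""
    db = make_db()
    return {
        "concat_password_field": login_concatenated(db, "admin", PAGE_STRING),
        "concat_user_field": login_concatenated(db, PAGE_STRING, "x"),
        "param_password_field": login_parameterized(db, "admin", PAGE_STRING),
        "param_user_field": login_parameterized(db, PAGE_STRING, "x"),
        "concat_url_rows": len(lookup_concatenated(db, PAGE_STRING)),
        "param_url_rows": len(lookup_parameterized(db, PAGE_STRING)),
        "legit_login": login_parameterized(db, "admin", "constructed-admin-pw"),
    }

if __name__ == "__main__":
    for case, outcome in compare().items():
        print(f"{case}: {outcome}")
```

In the concatenated handlers the quote closes the string literal, the OR makes the WHERE clause true for every row, and the trailing comment marker discards the rest of the statement; with bound parameters the whole string is compared literally and matches nothing.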