Simple Website Hack

by Civid in Design > Websites


This instructable will not make you a master hacker. It will, however, teach you how to use Structured Query Language, or SQL (don't worry, you don't need to know what that means yet), to gain access to the information that a poorly secured website stores. This tutorial should also help you understand a little of what goes on behind the scenes of certain websites.

Find a Vulnerable Site

This is the most important step. Do not try this on Facebook, Twitter, or really any other major site. Most sites have security in place to protect against this simple attack. However, a site that looks only halfway put together has a fair chance of being susceptible to this little hack. Use your best judgement. For the purpose of showcasing the technique, follow this link for a website that demonstrates it.

What to Look For


What you are looking for is any sort of text box into which you can enter information. Think login boxes, search boxes, or anything else you have to type words or numbers into to get some result. The kind of information you can get back depends on the type of text box you use: it will give you information relevant to that box.

For instance, username and password boxes will give you a list of that information. A search box will instead give you a list of the searches that have been made in that box.

For the sake of the tutorial, we will assume you are doing this in a login box from here on out.

How Websites Use Databases

Most websites store long-term data in what is known as a database. This is where the website's usernames and passwords are stored.

As an example we will use the user Bob. Bob attempts to log in to the website using his username, bob_man, and his password, hello_world. When Bob does this, the website asks the database a simple question: is there a user whose username=bob_man and whose password=hello_world? If the database finds bob_man and his password is hello_world, it sends all of Bob's information back to the website so that it can log Bob in.

Attempt to Get All User Data

This is where we actually start "hacking".

To start, simply put in a random username and a random password. Then add this addendum to each box, directly after the username and the password (minus the quotation marks): "OR 1=1;"

This will cause the database system that most sites use (MySQL or another SQL database) to return everything it could possibly be looking for (in this case, a bunch of usernames and passwords). The reason it does this is that the system is looking for a true statement, and since 1=1 is always a true statement, it treats the information as confirmed.

Let's use our old friend Bob as an example again.

If Bob puts in his username as "hacker_bob OR 1=1" and his password as "hacked_world OR 1=1", the database will ask itself the following question: Does username=hacker_bob OR does 1=1?

Considering 1 does in fact equal 1, Bob has, in a roundabout way, told the database that he is all users. The database then asks itself: Does password=hacked_world OR does 1=1? 1=1 is still true, so Bob must have the right password for these users. The database then gives Bob all of its information, which is all of the user information the site holds.

This will lead to you getting back every single username and password that the website has stored. However, even if this works, some websites store their passwords in a way that keeps them safe from this kind of attack.
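As an added example (not part of the original Instructable), here is the login check described above in Python with an in-memory SQLite table of constructed users. The first function pastes the two boxes straight into the query, which is the "bad website" behaviour the text relies on; the second binds them as parameters, so the database treats them as plain values and the 1=1 trick no longer changes the question being asked.

```python
import sqlite3

# Constructed sample data standing in for the site's user table.
# (Storing passwords in plain text like this is itself a bad practice;
# the text's "stored in a way that keeps them safe" refers to hashing.)
SAMPLE_USERS = [("bob_man", "hello_world"), ("alice", "s3cret")]


def make_db():
    """Build a throwaway SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The 'bad website': the two text boxes are glued into the SQL text.

    Anything the user types becomes part of the question the database is
    asked, so an extra 'OR 1=1' turns 'is this Bob?' into 'is this anyone?'.
    """
    query = (f"SELECT username FROM users WHERE username='{username}' "
             f"AND password='{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Hardened form: the query shape is fixed, input travels as parameters.

    The database compares the whole typed string against the column, so a
    value like "x OR 1=1" is just a username nobody has.
    """
    query = "SELECT username FROM users WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # The quote closes the site's own string literal so the OR is read as SQL.
    box_user, box_pass = "hacker_bob' OR '1'='1", "hacked_world' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, box_user, box_pass))  # every user
    print("safe:      ", login_safe(db, box_user, box_pass))        # []
    print("real login:", login_safe(db, "bob_man", "hello_world"))  # ['bob_man']
```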

You Did It! or the Website Was Protected :(


At this point the tutorial is over. Depending on the website you used, you either succeeded and now have a bunch of user login information (which may or may not work on other websites) at your disposal, OR you feel disappointed and sad that it didn't work. This is only the simplest way to explain it; for more information on the SQL language, as well as how to do more complicated things with this little hack, go here.