How I Hacked my College Website totally just with SQL Injection (Part 1)

#$ubh@nk@r
Sep 5, 2023

Intro : Hello all Hackers! Today I will discuss how I hacked my University Website, got access to the Website Administrator Panel and took over control of the whole Website. This is just for Educational Purposes. Do not do this to anyone for illegal purposes. So let’s dive in.

Recon :

As a hacker, everyone has a wish to Hack their College Website once in their life. I also had the same Wish. So I started Recon on my University and I found a Login Page which might take me Directly to the Admin Content Management Panel of that Website.

Login Page

So I gathered some Hope and started looking for SQL Injection to bypass it. But unfortunately I got nothing except Failure. I also tried SQLMap but it also failed. Then I was like this:

Hopeless

So I started looking for other juicy Endpoints of the College Website. In the course finding page I found some Parameters.

URL

Attack :

Here I found so many Parameters. I also found it is a PHP page, so I thought maybe I could find SQL Injection here. So I tried for it. Basic SQLi statements failed. So I started SQLMap.

SQLMap

First I searched for the Databases present in the Page. And I found that the Keyword Parameter is Vulnerable to SQL Injection. Yaaaa!!!

But it is a Time-Based Blind Injection, so it may take a lot of time to Dump. Here are the 2 Databases.

Confirm SQL
Databases

So I started dumping the Tables and I found that 15 Tables are present there. It took around 40 Minutes to Dump.

Tables

Here I found management_<> Interesting because it might Contain Creds which I could use on that Login Page. And yes, I was Right. I got a Username, Email and Password in that Page. And the Password is in Clear text Format, so I did not need to Crack it. :)

Creds

Wowww! I was so excited at that Time. If these Creds are Valid, I can access the Website Content Management System and the whole Website will be mine.

So I used those Creds to Log in and I simply Accessed the Administrator Panel. Yes!! Success!!

Admin Panel

So that’s how I simply hacked My College Website. Here I can edit anything that will affect the Main Page. I could also get a Reverse Shell from here, but I didn’t do it as it would affect the Page.

Note : That’s why SQL Injection is Old but Gold.
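
The two weaknesses this write-up turned on, a keyword parameter that reached the SQL query and a password stored in clear text, look like this from the fixing side. This is an added example, not code from the original post or from the college site; the table names, function names and sample rows are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Constructed demo data; in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE courses (title TEXT)');
$db->exec('CREATE TABLE cms_users (username TEXT PRIMARY KEY, pw_hash TEXT)');
$db->exec("INSERT INTO courses VALUES ('Computer Science'), ('Master''s in Data Science')");

// BEFORE (hypothetical): the keyword is pasted into the SQL text, so a quote
// character in it becomes part of the statement instead of part of the value.
function searchCoursesUnsafe(PDO $db, string $keyword): array {
    $sql = "SELECT title FROM courses WHERE title LIKE '%" . $keyword . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the statement text is fixed and the keyword travels as a bound value.
function searchCoursesSafe(PDO $db, string $keyword): array {
    $like = '%' . addcslashes(substr($keyword, 0, 64), '%_\\') . '%';
    $stmt = $db->prepare("SELECT title FROM courses WHERE title LIKE :kw ESCAPE '\\'");
    $stmt->execute([':kw' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Store a salted, slow hash so that a dumped table does not hand over a login.
function createUser(PDO $db, string $user, string $password): void {
    $stmt = $db->prepare('INSERT INTO cms_users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT pw_hash FROM cms_users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Demo with a harmless keyword that merely contains an apostrophe.
$keyword = "Master's";
try {
    searchCoursesUnsafe($db, $keyword);
} catch (PDOException $e) {
    echo "unsafe: the input changed the SQL and the query failed\n";
}
echo 'safe: ', implode(', ', searchCoursesSafe($db, $keyword)), "\n";

createUser($db, 'editor', 'constructed-demo-passphrase');
var_dump(checkLogin($db, 'editor', 'constructed-demo-passphrase'));
var_dump(checkLogin($db, 'editor', 'wrong-guess'));
```

Binding the parameter closes the injection itself; hashing the password limits what a dump is worth if some other query on the site is still injectable.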

THANKS FOR READING!

If you like it don’t forget to Follow me for more Articles.

Happy Hacking~
