What is Sql Injection ? How it works ?

“SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application “
Using the sql injection vulnerability attacker can get the database of the web application and can get the administrator username and password. After getting the username and password of the web application attacker will upload the shell and can deface the web application And using the shell attacker can root the server and all the web application can get defaced.
Here is the basic tutorial of the sql injection using the script. Here are some Google Dorks for basic sql injection.
Inurl:admin.asp
Inurl:administratior.asp
inurl:login.asp

Now open the search result and try to login with the following code if the web application is vulnerable then you can get the admin access else try another search result.
admin : ' or 1=1--
password : ' or 1=1--
here are more passwords.
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1—
Now after getting the admin access just upload the asp shell. In my next tutorial I will show you “what is shell and how to upload the shell”
If you have any question then feel free to make a comment.