
me: hi bro
ANIRUDH: yeah, wait a min, let me open that site
me: k
Sent at 9:00 PM on Saturday
ANIRUDH: http://aecc.indiacareerportal.com/home.php
  open this site
  u there?
me: k, opened it, bro
ANIRUDH: on the right-hand side there are fields for login and password, right?
me: hm
ANIRUDH: now click on CPO Faculty
me: done
ANIRUDH: enter any username or password u like and try to login
me: done
ANIRUDH: the login didn't work, right?
me: hmm, it didn't
ANIRUDH: 1' or '1'='1
  copy the above line into both username and password and try to login
me: hmm, it worked
ANIRUDH: SQL injection
  u hacked the site :D
  do anything u want now :D
me: nice, bro
ANIRUDH: hey, u wanna know how it works?
me: ya
ANIRUDH: so the idea is that the SQL queries MOSTLY MOSTLY MOSTLY are
  where username = '$UserName' and password = '$Password'
  we write them like this too
  are u getting me.... or should I say it in different words
  so after entering Username = 1' or '1'='1
  the query becomes
  where username = '1' or '1'='1' and password ='1' or '1'='1'
  1=1 is always satisfied and u login as the first user in their database :D
  TRY ANY USERNAME
  telnet' or 'oracle'='oracle
  or
me: k, gr8, man
ANIRUDH: naveen' or 'anirudh'='anirudh' will also work
  now go to google and search
  site:indiacareerportal.com
  you'll see 1000s of results
  i.e. 1000s of colleges who have used indiacareerportal for their placement software
  u can easily login to any of them :D
  and get their database
  phone numbers of students or faculty
  company leads
Sent at 9:08 PM on Saturday
me: k, where is the login option in this
  login
ANIRUDH: in which one?
  on the indiacareerportal site
me: hmmm, it worked
ANIRUDH: it came up for me on that site
  ah! u found it too
me: hm
