How to hack a website with basic Hypertext Markup Language (HTML) coding

Preet Nandaniya
3 min readFeb 20, 2022


Websites are far more advanced and secure than they used to be, so there’s virtually no way to gain access to private information just by looking at or writing basic HTML. It’s much harder to hack into websites in general, especially if you’re a novice! But, if you come across an older website written in rudimentary HTML by a beginning web developer, there’s a slight chance you may come across passwords in the website’s source code. A slightly more reliable way to exploit a website’s login screen is to try a SQL injection. Whatever you do, don’t hack into any websites without consent — it’s illegal and could get you into big trouble.

Method — 1 Using the Structured Query Language (SQL) injection hack

Step — 1: Go to the login page of a SQL-based website. If you don’t see the fields asking for your username and password, click the “Log In” or “Sign In” link on the homepage to get there.

  • Most developers have wised up to SQL injection hacks, so this probably won’t work on the majority of websites. Still, if you find an older website with a login page, you may be able to use this hack to gain access without knowing a password.

Step — 2: Check the website for SQL vulnerabilities. The simplest way to do this is to enter ‘ (this is the single quote mark) into the username field, and then click the “Log In” or “Sign In” button. Leave the password field blank.

  • If you see an error message that contains a bunch of SQL code including “QUERY: SELECT * FROM”, the website is vulnerable.
  • If you get a simple error that says the username or password is incorrect, this method won’t work.

Step — 3: Enter the injection code into the “Password” field. If the single quote you entered into the Username field before is still there, delete it — you’ll want that field to be blank. In the password field, type ‘ or 1=1 — -+.

Step — 4: Click the Login button. If you were able to log in successfully, great!

  • If this didn’t work, it could be because some sites block 1- — +. Try using one of these as the password instead (still leaving the Username field blank): ‘ or 1=1# or ‘ or 1=1 — -
  • If you’re able to gain access to the database, the ethical thing to do would be to alert the administrator.
  • If you’re still not able to log in, the site is protected against this type of hack.

I am gonna post method — 2 after sometime, stay tuned! And remember, don’t use this or you will be in great trouble!



Preet Nandaniya

Just a curious middle school student who writes blogs :D