Find vulnerable admin login panels

Google Dorking is one of the most common OSINT techniques and, with a little ingenuity, it lets us narrow a search down to very specific results. There are many vulnerable login pages on the web; the vulnerability we are going to exploit is a very simple boolean-based SQL injection. The Google dork is: intitle:"Login" (inurl:/admin/index.php | inurl:/admin/login.php). Obviously, some results may not be vulnerable, or a result could be a honeypot.
"Boolean-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result." -Acunetix

The payload we'll use is the following, typed into both the username and the password input fields: 1'or'1'='1

Against a vulnerable login form, this gives us an authentication bypass on the web dashboard. In the specific case of 1'or'1'='1, the single quote character ', which is commonly used to delimit string values in SQL commands, is inserted inside the conditional part of a query. When a SQL query is processed on the server, the rows for which the condition in the WHERE clause is true are returned. With 1'or'1'='1, the condition always evaluates to true, because '1'='1' is an equality that is always satisfied. As a result, the query returns all records without any restriction.

It's usual to see some defaced results. Most of the results could also be vulnerable to stored/reflected XSS without any filters; here's a list of some generic XSS payloads.
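The following is an added example, not code from the original post: it builds the login query the way a vulnerable page does, shows why the input quoted above makes the WHERE clause always true, and puts the parameterized query that closes the hole beside it. The `users` table, its columns, the sample credentials and all function names are assumptions made for the demonstration.

```python
import sqlite3

PAYLOAD = "1'or'1'='1"  # the input quoted in the post


def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext only to keep the demo short; store a password hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def build_vulnerable_query(username, password):
    """The flawed pattern: user input is pasted into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    # The quotes in the input close the string literal and add OR '1'='1'.
    return db.execute(build_vulnerable_query(username, password)).fetchone() is not None


def login_parameterized(db, username, password):
    """The fix: placeholders keep input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    db = make_db()
    return {
        "query": build_vulnerable_query(PAYLOAD, PAYLOAD),
        "vulnerable_payload": login_vulnerable(db, PAYLOAD, PAYLOAD),
        "parameterized_payload": login_parameterized(db, PAYLOAD, PAYLOAD),
        "parameterized_valid": login_parameterized(db, "admin", "constructed-secret"),
        "parameterized_wrong": login_parameterized(db, "admin", "wrong"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With bound parameters the same input is compared as a literal string against the stored values, so it matches no row and the login is refused.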