Admin Login Bypass [SQL Injection]

It is also called SQL Injection Authentication Bypass. It is used by penetration testers for bypassing admin login without credentials. A penetration tester can use it manually or through burp in order to automate the process.
This technique is used to bypass PHP and MySQL Authorization with SQL Queries.
This flaw comes up every time a website doesn't filter the attacker's input.

Let's get started,

1. Finding websites with Login pages.
    To find out the admin-login pages in a website, few codes are used. Just open GOOGLE and type       one of these codes:

                        inurl:/admin/login.php
                        inurl:/admin.php
                        inurl:/login.php




2. Now, open the admin-login page to execute the query.
    Alright, now that you've found your target with a login page, try this query:

                               Username: hi'or'1'='1
                                Password: hi'or'1'='1
   
   Normally, the MySQL Query is,

              select username,password from admin where username=' ' && password= ' '

   Here '1'='1 is true value.
   If in case, developer puts double cots instead of single cots, then try this query:

                                Username: hi"or"1"="1
                                 Password: hi"or"1"="1

There is more to that than a single query. You can find a list of queried passwords, that you can use to inject the target.

   Let's apply this query on this website,


  

    

That means we're getting logged in as the administrator, without a password by manipulating the query!

Video Tutorial for Admin Login Bypass [SQL Injection]



Stay Tuned!!!

Comments

Post a Comment

Popular posts from this blog

Installing LINUX BackTrack in Oracle VM VirtualBox Manager

Image
First, you to install Oracle VirtualBox on your computer, then open it. It is pretty easy to do this, first, you have to gather a few things, which are described below: Backtrack 5 ISO Image (download from its official website ) An Oracle VirtualBox (installed on the host) (download from here ) A Computer consists of any Operating System (windows is preferable) Instead of Backtrack image, you can also use Live CD, Live USB, Hard Disk, Live Hardware. VirtualBox is software which allowed us to install an operating system into another operating system means to install a guest operating system into the host operating system. To install Backtrack on a Virtual Machine following steps are required to follow: 1. First, you to install Oracle VirtualBox on your computer, then open it. 2. In the upper left corner of VirtualBox, a New button is provided click it to create a new virtual machine. Choose the name of the new virtual machine and also select the type and v
Read more

Customizing Mozilla Firefox for Hackers

Image
Mozilla Firefox can be used for hacking and penetration testing purposes, by installing the following add-ons. This browser also supports the developer modes (inbuilt in Firefox). List of Add-ons : 1. anonymoX         2. HackBar 3. Tamper Data 4. iMacros 5. Groundspeed Video Tutorial for customizing Mozilla Firefox for Hackers Stay Tuned!!!
Read more