» Bypassing Logins | SQL Injection | Free Ethical Hacking
Wifi Hacking Adapter : Recommended by Rahul Tyagi
Bypassing Logins | SQL Injection | Free Ethical Hacking
a site has a login form & only the registered users are allowed to
enter the site. Now, say u wanted to bypass the login and enter the
site as the legitimate user. If the login scriptblock is not properly
sanitized by the programmer, u may have luck to enter the site. U might
be able to login into the site without knowing the real username and
real password by just interacting with the DB server. So, isn't that
the beauty of SQL injection??
Let's see an example, where the username admin with the password pass123 can login to the site.
Suppose, the SQL query for this is carried out as below:
SELECT USER from database WHERE username='admin' AND password='pass123'
And if above SELECT command evaluates true, user will be given access to
the site otherwise not. Think what we could do if the scriptblock is
not sanitized. This opens a door for the hackers to gain illegal access
to the site.
In this example, the attacker can enter the following user data in the login form:
username: a or 1=1--
So, this would make our query as:
SELECT USER from database WHERE username='a' or 1=1-- AND password=''
Note that -- is the comment operator and anything after it will be
ignored as a comment. There exists another comment operator which is /*.
So our above query becomes:
SELECT USER from database WHERE username='a' or 1=1
Now this query evaluates true even if there is no user called 'a'
bcoz 1=1 is always true and using OR makes the query return true when
one of the query is true. And this gives access to the site admin
There can be various other username and password combinations to play
with the vulnerable sites. U can create ur own new combinations for the
Few such combinations are:
username:' or 1='1 password:' or 1='1
username:' or '1'='1' password:' or '1'='1'
username:or 1=1 password:or 1=1
and there are many more cheat sheets. Just google. In fact, you can create your own such combination to bypass logins..
That's all about bypassing logins.
Views: 1118 |