Login Bypass Using SQL Injection.

TITLE: Login Bypass Using SQL Injection.

TOOLS: BROWSER & BRAIN :) .

INTRODUCTION: (NO NEED TO READ THIS IF YOU ARE JUST A SCRIPT KIDDIE..... :P)

What is SQL Injection?
          SQL injection is a type of attack that takes advantage of improper coding in a web application: it lets an attacker inject SQL commands into, say, a login form and gain access to the data held in the database. SQL injection arises because the fields available for user input allow SQL statements to pass through and query the database directly. In this article, we are going to learn login bypass with a hands-on approach.

First, let us look at an example of code that makes a login page vulnerable to this attack.


Example:


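// User input is read straight from the POST body, with no validation.
$uname=$_POST['uname'];
$passwrd=$_POST['passwrd'];
// VULNERABLE: the input is pasted into the SQL text, so a quote in it changes the query.
$query="select username,pass from users where username='$uname' and password='$passwrd' limit 0,1";
// Note: the mysql_* functions were removed in PHP 7.
$result=mysql_query($query);
$rows = mysql_fetch_array($result);
// Any returned row counts as a successful login.
if($rows)
{
    echo "You have Logged in successfully";
    create_session();
}
else
{
    echo "Better Luck Next time";
}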

What we see above is PHP code that takes the user input, puts it into the SQL query, and then checks whether any row is returned; if one is, it lets you log in.

PROCEDURE:

1. SEARCH THIS DORK ON GOOGLE.
  " inurl: login.asp"
    I HAVE TOO MANY DORKS BUT FOR LEARNING PURPOSES I AM GIVING JUST ONE..     :) JUST SEARCH THE ABOVE QUERY IN GOOGLE.
2. NOW OPEN ANY OF THE RESULTS.
3. HERE IS ONE OF THE RESULTS. OPEN THIS URL ......
4. NOW YOU CAN SEE THE LOGIN PAGE.

5. NOW USE THIS SQL QUERY.
    USERNAME:  'OR''='
    PASSWORD:  'OR''='

6. HERE THIS QUERY ------------ 'OR''=' ----------------- WORKS AS A UNIVERSAL PASSWORD OR UNIVERSAL KEY FOR ANY LOGIN PAGE WHICH HAS THE ABOVE LOGIN PAGE CODING.

7. CONGRATULATION!!! NOW YOU ARE ADMIN OF SITE !!!! ENJOY :) !!!

CONCLUSION:
      AS YOU CAN SEE, 'OR''=' IS ALWAYS CORRECT !! SO IT BYPASSES THE LOGIN FIELD.
BUT THIS TECHNIQUE IS NOT USEFUL FOR EVERY WEBPAGE.. THE SITE MUST BE VULNERABLE TO SQL INJECTION......
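
Why the input from step 5 gets through the login code shown earlier, and how to fix it, as an added example (not the original author's code). It assumes PHP with the PDO SQLite driver and an in-memory database; the `users` table layout, the `pass_hash` column, the `admin` account and the function names `login_vulnerable` and `login_safe` are constructed for illustration.

```php
<?php
// Added example: the page's query pattern beside a parameterized version.
// Assumptions: in-memory SQLite via PDO; table, column and account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Same pattern as the page's code: user input becomes part of the SQL text,
// so quotes in the input close the string literal and add new conditions.
function login_vulnerable(PDO $db, string $uname, string $passwrd): bool {
    $query = "select username from users where username='$uname' "
           . "and pass_hash='$passwrd' limit 0,1";
    return (bool) $db->query($query)->fetch();
}

// Hardened: input is bound as a parameter, so it is only ever compared as data.
// The password is verified against a stored hash in PHP, not in the WHERE clause.
function login_safe(PDO $db, string $uname, string $passwrd): bool {
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($passwrd, $row['pass_hash']);
}

$payload = "'OR''='"; // the input from step 5 of the page

// The WHERE clause becomes a chain of ''='' comparisons, which match every row.
var_dump(login_vulnerable($db, $payload, $payload));
// The same input is now just an unknown username.
var_dump(login_safe($db, $payload, $payload));
// Real credentials still work; a wrong password does not.
var_dump(login_safe($db, 'admin', 'correct horse'));
var_dump(login_safe($db, 'admin', 'wrong'));
```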

THANK YOU !!!!!

GREETZ!!!! ZEN & ZEROFREAK.   