Bypass Logins Using SQL Injection

May 27, 2018


Dear Cybrarians,

I’m going to explain how to bypass a website's login using SQL injection, and how the technique works. I hope you all have a basic understanding of databases and SQL queries.

So, it starts now. Whenever we visit a website, there are options for logging in or signing up. If you are already a user of a website, you have to log in with your valid credentials. If the given credentials are wrong, then you can’t access your account. Users of a website may be admin or casual users.

Suppose the email field is not validated. Now we pass some random input, email: bdhbhdm and password: 123456, and the page displays a "wrong username or password" error message.

The original query of the above login form is as follows:

SELECT id FROM users WHERE username='' and password=''

so it becomes,

SELECT id FROM users WHERE username='bdhbhdm' and password='123456'

The query runs in the database to check whether the username and password are valid. If the credentials are correct, then the query retrieves the particular account. Otherwise, it displays an error message.

We can use SQL injection to bypass the login and get access. Here, we use the inputs:

1. username: 1' or '1'='1 and password: 1' or '1'='1

So the query becomes,

SELECT id FROM users WHERE username='1' or '1'='1' and password='1' or '1'='1'

Since the condition '1'='1' is always true, the WHERE clause is true for every row, and access will be granted to the attacker. The position of the apostrophes in the input is important.

2. username: admin'-- and password: anything

In this case, the query becomes,

SELECT id FROM users WHERE username='admin'--' and password='xxxxx'

The two dash characters (--) start a SQL comment, so the database ignores everything after them. The query therefore only checks the username, and the attacker will gain access to the admin account.

Notes

  1. This type of attack can be defeated by validating inputs in a form.
  2. Which SQL injection payloads work depends on the type of database.
  3. Search “SQL injection cheat sheet” in Google for more payloads.
  4. You can test this attack legally on the websites below:
    • demo.testfire.net
    • testphp.vulnweb.com

That’s all for now. I will be back with another helpful write-up. Thank you, and Happy Hunting!

1 Comment
  1. Is it possible for all websites?
