Home 0P3N Blog Bypass Logins Using SQL Injection
Ready to Start Your Career?
Create Free Account
By: Sahad Mk
May 27, 2018

Bypass Logins Using SQL Injection

By: Sahad Mk
May 27, 2018
By: Sahad Mk
May 27, 2018
Dear Cybrarians,I'm going to explain how to bypass login of a website and how it works using SQL injection. I hope you all have a basic understanding of database and SQL queries. So, it starts now. Whenever we visit a website, there are options for logging in or signing up. If you are already a user of a website, you have to log in with your valid credentials. If the given credentials are wrong, then you can't access your account. Users of a website may be admin or casual users. Suppose the email field is not validated. Now, we pass some random input, email: bdhbhdm and password: 123456. But the page displays a wrong username or password error message. The original query of the above login form is as follows:

SELECT id FROM users WHERE username=' ' and password=' '

so it becomes,

SELECT id FROM users WHERE username='bdhbhdm ' and password='123456'

The query runs in the database to check whether the username and password are valid. If the credentials are correct, then the query retrieves the particular account. Otherwise, it displays an error message.
Enroll TODAY to start learning Cyber Security with these Courses:
We can use SQL injection to bypass the login and get access. Here, we use the inputs.

1. username:1' or '1'='1 and password: 1' or '1'='1. So the query becomes,

SELECT id FROM users WHERE username='1' or '1'='1 ' and password='1' or '1'='1 '

Since the conditions 1 and 1=1 are always true, access will be granted to the attacker. The position of apostrophes in the input is important.

2. username: admin'-- and password: anything. In this case, the query becomes,

SELECT id FROM users WHERE username='admin ' -- and password='xxxxx '

The two dash characters (--) ignore the part after its position. So the query only checks the username, and the attacker will gain access to the admin account.

Notes
  1. This type of attack can be defeated by validating inputs in a form.
  2. The SQL injection payload works based on the type of database.
  3. Search "SQL injection cheat sheet" in Google for more payloads.
  4. You can test this attack legally on the websites below:
    • demo.testfire.net
    • testphp.vulnweb.com

That's all for now. I will be back with another helpful write-up. Thank you, and Happy Hunting!
Request Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry