Home 0P3N Blog Secure Web Panel From SQL Injection
Ready to Start Your Career?
Create Free Account
Zubair Ansaris profile image
By: Zubair Ansari
August 5, 2017

Secure Web Panel From SQL Injection

By: Zubair Ansari
August 5, 2017
Zubair Ansaris profile image
By: Zubair Ansari
August 5, 2017
Hello, everyone, it's Zubair Ansari from Pak Cyber kullz. As you might know, "How to hack a website by bypassing the admin page" is a commonly searched sentence in Google. There are a lot of methods on how to bypass admin pages, but I will not discuss them now. I want to provide just security now. I have a method to secure admin page and protect it from bypassing (via SQL Injection) a website by using a little query.If you really want to read about web application security, you know there is a common method of bypassing admin page (using a string) like st_1:'or' '='  st_2:' or 1=1 limit 1 -- -+  .
We can get admin access by using these strings.Username:|' or 1=1 limit 1 -- -+  |Password:|' or 1=1 limit 1 -- -+  |We have to find post data directory of username and password.
The easy method is to find post data dir: Goto admin/index.php and note which PHP page you used to post admin data.Query of form will as: <form method="POST" action="login_check.php" name="form" >Login_check.php (Might be changed on your own) is form of posting user data.Now we have to go login_check.php to find dir of user data like username and password.Query will as :$username=$_POST['username'];$password=$_POST['password'];Now it's simple to add little query at post data dir.Quer is : mysql_real_escape_string(htmlspecialchars(      ----(For username)mysql_real_escape_string(htmlspecialchars(md5(  ----(For password)After adding query to data dir script will as :$username = mysql_real_escape_string(htmlspecialchars($_POST['username']));$password = mysql_real_escape_string(htmlspecialchars(md5($_POST['password'])));After adding this little query admin page can't bypass. Page will give you an error message.Error: Please enter correct detail!  (Might Be Your's Own)
 Prove of concept and complete video tutorial, below.Thank you for reading, and I'm sorry for bad English.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry