Ready to Start Your Career?
Create Free Account
By: Zubair Ansari
August 5, 2017
Secure Web Panel From SQL Injection
August 5, 2017

By: Zubair Ansari
August 5, 2017

We can get admin access by using these strings.Username:|' or 1=1 limit 1 -- -+ |Password:|' or 1=1 limit 1 -- -+ |We have to find post data directory of username and password.
The easy method is to find post data dir: Goto admin/index.php and note which PHP page you used to post admin data.Query of form will as: <form method="POST" action="login_check.php" name="form" >Login_check.php (Might be changed on your own) is form of posting user data.Now we have to go login_check.php to find dir of user data like username and password.Query will as :$username=$_POST['username'];$password=$_POST['password'];Now it's simple to add little query at post data dir.Quer is : mysql_real_escape_string(htmlspecialchars( ----(For username)mysql_real_escape_string(htmlspecialchars(md5( ----(For password)After adding query to data dir script will as :$username = mysql_real_escape_string(htmlspecialchars($_POST['username']));$password = mysql_real_escape_string(htmlspecialchars(md5($_POST['password'])));After adding this little query admin page can't bypass. Page will give you an error message.Error: Please enter correct detail! (Might Be Your's Own)Prove of concept and complete video tutorial, below.Thank you for reading, and I'm sorry for bad English.