Hacking | Bypass Login (SQL Injection : Basic) - DEMONSTRATION - Page 2

YOU ARE READING

Hacking | Bypass Login (SQL Injection : Basic)

Short Story

FOR EDUCATIONAL PURPOSES ONLY! How to Bypass Authentication with SQL Injection

#bypass #education #hack #hacker #hacking #learning #login #loginbypass #sql #sqlinjection

DEMONSTRATION

Start from the beginning

by Ner1um

Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.

In the image above, the line of code that will be executed is :

$sql = "SELECT * FROM users WHERE email = '{$email_signin}'";

Let's try it by entering an email with a metacharacter and password inserted xyz, Injection :

> Another@toxin.htb'#

> Another@toxin.htb'--

htb'-- — Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.

Looks like above we can bypass authentication without having to enter the correct password. So what if we do not know at all the email to use to login? we can still perform SQL Injection without having to know the email or username, we can insert metacharacters to create a query that evaluates to True as shown below :

So what if we do not know at all the email to use to login? we can still perform SQL Injection without having to know the email or username, we can insert metacharacters to create a query that evaluates to True as shown below : — Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.

We can use an OR query followed by a value that is True , Injection :

> Whateveryouwant' OR 1=1 #

> Whateveryouwant' OR 1=1 --

We can prevent this vulnerability by filtering metacharacters on the $email_signin and $password_signin variables using the mysqli_real_escape string() command as shown below: