Hackercool Magazine

Simplifying Cyber Security
Posted on August 9, 2013 / December 17, 2020 by kanishka10 — 11 Comments

Login Bypass using SQL Injection

Those who are first on the battlefield and await the opponents are at ease; those who are last on the battlefield and head into battle get worn out.

SUN TZU, Art Of War.

What is SQL Injection?

Acunetix describes it as “the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.”

In this howto, I am going to show you how to bypass a website login using SQL injection. For this howto, I am going to use Vulnerawa and Wamp server. You can download Vulnerawa from here. To see what Vulnerawa is, go here. To see how to set up Vulnerawa in Wamp Server, go here. When you have successfully set up Vulnerawa, it should look as shown below. The first page of the website is “index.php”, which is as shown below.

Now click on the “Login” button. You should see a login form as below.

Now insert a single quote character ( ' ) into the form as shown below.

Click on “Submit”. You should get the error as shown below. This shows that the webpage is vulnerable to SQL injection. Notice that the URL has changed to a page “process.php”. Remember this for now.

Now enter the query

1' or '1'='1

as shown below in both username and password fields.

Click on “Submit”. If you get the webpage below, then you have successfully bypassed the login screen.

The query we entered above validates the user without ever checking the password. Some other queries work similarly. Here are two of them.

' or '1'='1;
' or '1'='1''

When a hacker enters these two queries, the username field becomes

'' or '1'='1;

which validates the user if the username is empty or 1=1. Whatever else happens, one will always be equal to one. We can find many more using trial and error. This vulnerability exists because raw user input is supplied to the application's query without sanitization.

Now let’s go to the page “process.php” to understand how this SQL injection worked. Go to the root directory of Vulnerawa. That would be “C://Wamp/www/vulnerawa1.0.2”. You should see the list of pages shown below. These are all the webpages which make up the webapp vulnerawa1.0.2.

But we are interested in the page process.php. Right click on the page and select the “edit” option to view the file. Put simply, open the process.php file with Notepad. You should see it as below. We are interested in two lines of code, $myusername=$_POST['username'] and $mypassword=$_POST['password']. These two statements take the username and password from the user. You can observe that they take the input directly, that is, without sanitization.

Now, just below these two lines, there are two lines that are commented out. These are

$myusername = mysqli_real_escape_string($connect, $myusername);

$mypassword = mysqli_real_escape_string($connect, $mypassword);

Now, uncomment those two lines by removing the two leading slashes (//) as shown below.

Save the file and restart the WAMP server. Now try to bypass the login screen as explained above. You should get something as shown below.

The “mysqli_real_escape_string” function escapes any special characters entered in the input fields, thus rendering the injection harmless.
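
Escaping protects only values placed inside quoted strings and depends on the connection character set; bound parameters avoid both conditions. The following is an added example (not Vulnerawa's code or the author's) that runs the article's test strings against a string-built query and a prepared statement. The `users` table, its columns, the query shape and the function names are assumptions, and in-memory SQLite via PDO stands in for the MySQL database so it runs without WAMP.

```php
<?php
// Added example: constructed data; table, columns and function names are hypothetical.
// In-memory SQLite (PDO) stands in for Vulnerawa's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT, password_hash TEXT)");
$db->prepare("INSERT INTO users VALUES (?, ?, ?)")
   ->execute(['admin', 'lab-pass', password_hash('lab-pass', PASSWORD_DEFAULT)]);

// Vulnerable pattern: input is spliced into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
// (Assumed query shape; the page does not show the query process.php builds.)
function login_concatenated(PDO $db, string $user, string $pass): bool {
    $sql = "SELECT username FROM users WHERE username='$user' AND password='$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is a bound parameter and never becomes SQL
// text; the password is verified against a stored hash outside the query.
function login_prepared(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = ?");
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed inputs: a valid login, a wrong password, and the two strings
// the article types into the form.
$cases = [
    'valid login'    => ['admin', 'lab-pass'],
    'wrong password' => ['admin', 'guess'],
    'single quote'   => ["'", 'x'],
    'always-true'    => ["1' or '1'='1", "1' or '1'='1"],
];
foreach ($cases as $label => [$user, $pass]) {
    try {
        $old = var_export(login_concatenated($db, $user, $pass), true);
    } catch (PDOException $e) {
        $old = 'SQL error'; // the syntax error the article sees on process.php
    }
    $new = var_export(login_prepared($db, $user, $pass), true);
    printf("%-15s concatenated=%-9s prepared=%s\n", $label, $old, $new);
}
```

With mysqli, as used in process.php, the same pattern is written with `prepare()`, `bind_param()` and `execute()`.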


11 thoughts on “Login Bypass using SQL Injection”

  1. Anonymous
    August 9, 2013

    Great article, very clearly written with excellent screenshots !
    Thanks

  2. Pentesticles
    August 10, 2013

    What’s the point in writing a blog post about the most basic SQLi and being pretentious enough to quote the Art of War! Hahahaha.

  3. Cereal
    August 10, 2013

    Nice article, congrats.

    1. kanishka10
      August 10, 2013

      Thank you very much, Cereal.

  4. |)|2|< (0//3T
    October 18, 2013

    Brilliant Tutorial on Detection and Prevention of SQL Injection Attack
    “Surprisingly, he gets access to the restricted area….” <== Referring to this line, can you create the php mysql code to get access to the restricted area like to retrieve sensitive user information and mail me the code asap

  5. TonyT
    February 15, 2014

    haha,
    works like a charm. tried it on http://www.sticktipp.de

  6. ishwor
    June 22, 2016

    can we bypass router login page its username and password

    1. kanishka10
      June 23, 2016

      Ishwor, it depends. But mostly router logins can be bypassed using default username and passwords.

  7. Phpprogrammer
    June 14, 2017

    Attacks on websites are very common nowadays. Your blog will surely help us to maintain our website security and make them safe. Thanks for the article.

    1. kanishka10
      June 24, 2017

      You are welcome, Phpprogrammer.

  8. Hassan
    October 13, 2017

    Great article about security

