Let's log in as administrator of this website without knowing the password. By bypassing the login mechanism using an SQL Injection attack.
By injecting SQL code into the login form, an attacker can circumvent basic checks made by the database. Usually a website (that's badly coded) will have some form of this SQL query:
"SELECT * FROM users WHERE username='$user-name-input' AND password='$password-input' "
So if an attacker can Inject some SQL (hence the term SQL Injection) he can pass in a username like:
$user-name-input = " administrator' -- " and it will translate into this query:
"SELECT * FROM users WHERE username='administrator' -- ' AND password='$password-input' "
which will comment out the AND part and not check for the password AT ALL.
SQL Injections are usually a sign of bad coding practices and could be a lead for more vulnerabilities. So bypassing a login with SQLI is just the beginning :D
Here is another challenge where I had to exploit an SQL Injection vulnerability to bypass login: [ Ссылка ]
------------------------------
Subscribe for more videos about software engineering and full stack development and cybersecurity: [ Ссылка ]
Share this video with a friend:
[ Ссылка ]
Main Channel: [ Ссылка ]
Support The Channel With A (Monthly) Donation: [ Ссылка ]
Get my Merch Here: [ Ссылка ]
Join INE and get your CyberSecurity Certification*: [ Ссылка ]
NordVPN*: [ Ссылка ]
---------------------------------------------
** Similar Channels **
🔴 LiveOverFlow: [ Ссылка ]
💻 John Hammond: [ Ссылка ]
😎 Stök: [ Ссылка ]
🖧 Network Chuck: [ Ссылка ]
🖥️ PwnFunction: [ Ссылка ]
😈 Seytonic: [ Ссылка ]
---------------------------------------------
Let’s connect:
Twitter – @zanidd
Twitch – dev_null1337
Website/ Blog - [ Ссылка ]
Newsletter - [ Ссылка ]
Password Security Course: [ Ссылка ]
* I may earn a small commission for my endorsement, recommendation, testimonial, and/or link to any products or services from this website. Your purchase helps support my work in bringing you real information about security and computer science.
Thank you for watching :)
-~-~~-~~~-~~-~-
Please watch: "5 Hacking Mistakes That Make You A BAD Hacker"
[ Ссылка ]
-~-~~-~~~-~~-~-
bypass login with SQL Injection
Теги
sql injectionweb securityopen web application security projectweb security academyoffensive security web expertoffensive securitybug bountyburp suitesql injection login bypasssql injection attacksql injection tutorialsql injection tutorial for beginnerssql injection vulnerability allowing login bypasssql injection bug bountysql injection attack on login pagesql injection username and password bypasssql injection tosql injection to bypass login
