Hacking Some Websites Is Just a Piece of Cake!

AGS
Sep 13, 2020

So here I am going to disclose how I hacked some website within 5 mins!

Disclaimer: If you plan to use this content for illegal purposes, then please leave this site immediately! We will not be responsible for any of your illegal actions.

Before that, let's learn some SQL!

Let's say there is a database X which contains a table Y with login credentials.

So now the code for selecting the user after the username and password are entered will be:

SELECT * FROM Y WHERE username=<username> and password=<password>;

Now let's get into it!

Say the website URL is www.asdfgh.com. I used a directory search tool so that I could find all the directories matching a commonly used word list.

And there was an “/admin” directory for that website, i.e. www.asdfgh.com/admin.

That’s cool, but I don’t know the admin username and password :(

So the first step with a login system is to try SQLi :)

Boom, it worked!

So what did I do?

The SQL command for selecting the user is SELECT * FROM Y WHERE username=<username> and password=<password>; SQLi works by giving an input such that the condition in the above command becomes true for any username :)

Let’s understand how it worked!

So when I give the username as xyz and the password as 1'or'1'='1, let's see how the SQL command changes:

SELECT * FROM Y WHERE username='xyz' and password='1'or'1'='1';

Take a closer look

username='xyz' and password='1' or '1'='1'

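Because AND is evaluated before OR, the condition is true if either the first statement (username='xyz' and password='1') is true or the second statement ('1'='1') is true. The second statement is always true, and we know that 0 or 1 is 1, so now the login is bypassed :)

Why did this happen and how can it be prevented?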

Never trust user inputs. Always sanitize the user inputs before performing database operations.
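As an added example (not code from the original post): the article's query built by string concatenation, next to the same query with bound parameters, using Python's sqlite3 module. The function names, the in-memory database and the admin row are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for database X with credentials table Y (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Y (username TEXT, password TEXT)")
    # Plain-text password only to mirror the article's query;
    # real systems store salted password hashes instead.
    db.execute("INSERT INTO Y VALUES ('admin', 'S3cret-constructed')")
    return db


def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so quotes inside it become SQL syntax.
    query = ("SELECT * FROM Y WHERE username='" + username +
             "' and password='" + password + "';")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders keep the SQL text fixed; the driver binds input as data only.
    query = "SELECT * FROM Y WHERE username=? and password=?;"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "1'or'1'='1"  # the password value quoted in the article
    print("concatenated query accepts payload:",
          login_vulnerable(db, "xyz", payload))
    print("parameterized query accepts payload:",
          login_parameterized(db, "xyz", payload))
    print("parameterized query accepts real credentials:",
          login_parameterized(db, "admin", "S3cret-constructed"))
```

With bound parameters the whole payload is compared against the password column as one literal string, so it matches no row.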

Note: Getting into the admin page doesn’t always mean that you will get full access to the website or server. In my case I got full access to the website's content management page only.
