SQL Injection Exploiting Login form

sql sql-injection
76,464

Solution 1

Assuming that : 

 ' OR '1'='1';

is a hack then possibilites might be endless if input is not sanitized eg:

' OR '1'='1'; drop table users;

ect.

Solution 2

form injection into username and password boxes should be as follows.. z' OR 'x'= 'x..... but attackers can use an url injection technique to fetch info from your website

Share:
76,464
Naveen
Author by

Naveen

A stupid but enthusiastic programmer ,who analyses everything too deeply.

Updated on June 28, 2020

Comments

  • Naveen
    Naveen almost 4 years

    I was wondering while testing my website that is there any way that the user can fetch data from my database by making some further modification in the following query

    SELECT * FROM users WHERE login='admin' AND password='1' OR '1'='1';

    provided that he knew admin username and used '1'='1' for password to hack into it.

    What else can he add to echo the password on screen or find table details?

    I want to do this to understand the limits the unprotected SQL can harm us for my presentation on SQL injection

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Python SQLite3 SQL Injection Vulnerable Code
sqlmap is too slow
How should I write PHP $_POST vars in a mysql_query function?
SQLMAP - Post JSON data as body
How to prevent SQL Injection in Wordpress?
RegEx to Detect SQL Injection
How is SQL injection typically stopped in a Spring/Hibernate setup
How should I pass a table name into a stored proc?
How can I avoid SQL injection attacks in my ASP.NET application?
How to prevent SQL Injection with JPA and Hibernate?