Saturday, August 7, 2010

SQL Injection Part-2

As said in the earlier post, let's see how to bypass a login page with ease using a magic string.

Here is the site's link: http://testasp.acunetix.com/Login.asp?RetURL=%2FDefault.asp%3F

Open the link. It's a login page:

Here is a trick to bypass the login page using the SQL injection technique. In the username field type this: ' or 1=1--
For the password field type anything you like, as it does not matter.

Example:
username: ' or 1=1--
password: 123

And voila... you're logged in. This is possible because the above site is vulnerable to the SQL injection flaw.

You can not only bypass the login mechanism, you can also retrieve the entire list of usernames and passwords stored in the database easily, using the same SQL injection.

In the next post we will see how we can retrieve an entire table from the database server. It will be fun, trust me. Stay tuned.

P.S.: Don't try this on any other sites.
