Lab: 1.2 SQL injection vulnerability allowing login bypass — 2 | 2023

To solve the lab, perform a SQL injection attack that logs into the application as the administrator user | Karthikeyan Nagaraj

Subverting application logic

Description:

This lab contains a SQL injection vulnerability in the login function.

To solve the lab, perform a SQL injection attack that logs into the application as the administrator user.

Solution:

1. This lab contains injection Vulnerability in the login field

2. By only knowing the user name, we can able to bypass the login Functionality using some SQL Injection Sequence

3. After typing the username administrator, we added a quote ‘ and double hyphens - - as below

administrator’--

4. Here, an attacker can log in as any user without a password simply by using the SQL comment sequence -- to remove the password check from the WHERE clause of the query. For example, submitting the username administrator'-- and a blank password results in the following query

SELECT * FROM users WHERE username = ‘administrator’--‘ AND password =‘’

This query returns the user whose username administrator and successfully logs the attacker in as that user.

If you would like to support me so that I could create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Free Ethical Hacking Dumps — https://t.me/ethicalhackingessentials