SQL injection is a technique used to take advantage of a non-validated-input vulnerability to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside the parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
SIMPLE BYPASS AUTHENTICATION FROM FRONTEND
In its simplest form, this is how SQL injection works. It is impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a username field:
' OR 1=1--   or   ' OR ''='
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = 'USRTEXT' AND password = 'PASSTEXT'
Where USRTEXT and PASSTEXT are what the user enters in the login fields (Username and Password) of the web form.
So entering ' OR 1=1-- as your username could result in the following query being executed:
SELECT * FROM users WHERE username = '' OR 1=1--' AND password = ''
Two things you need to know about this are: ['] closes the [username] text field.
[--] is the SQL convention for commenting code; everything after the comment marker is ignored.
So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1 the last time I checked, so the authorization routine is now validated, and we are ushered in the front door to 'wreck'.
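As an added illustration (this code is not from the original post), the following script reproduces the concatenation pattern described above against a constructed in-memory SQLite table, and places the parameterized form that removes the flaw beside it. The table contents and the function names `make_db`, `login_vulnerable` and `login_parameterized` are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table (not the blog's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords only to keep the demo short; real systems store hashes.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, usrtext, passtext):
    """Builds the query by gluing user text into the SQL string, exactly the
    pattern the post describes. Returns (query_text, access_granted) so the
    caller can see how the input rewrote the statement."""
    query = (
        "SELECT * FROM users WHERE username = '" + usrtext
        + "' AND password = '" + passtext + "'"
    )
    rows = conn.execute(query).fetchall()
    return query, len(rows) > 0


def login_parameterized(conn, usrtext, passtext):
    """Hardened form: placeholders keep the input a plain string value, so a
    quote or a comment marker inside it can never change the query's shape."""
    rows = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (usrtext, passtext),
    ).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"
    query, granted = login_vulnerable(db, payload, "")
    print("concatenated query :", query)
    print("vulnerable login   :", granted)          # True: every row matches
    print("parameterized login:", login_parameterized(db, payload, ""))  # False
```

Running the script shows the concatenated statement turning into `... username = '' OR 1=1--' AND password = ''`, which SQLite truncates at the comment marker and evaluates as always true, while the parameterized version simply looks for a user literally named `' OR 1=1--` and finds none.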
Everything on this blog is for educational purposes only.