Monday, June 12, 2017

SQL-Injection Stage I - String SQL injection


String SQL injection



Task:
Stage 1: Use String SQL Injection to bypass authentication. Use SQL injection to log in as the boss ('Neville') without using the correct password. Verify that Neville's profile can be viewed and that all functions are available (including Search, Create, and Delete)

Problems
1. I have the correct username but I don't have the password.
2. I can't type more than 8 chars.

Solution

1. I have to remove the input restriction for password so I can type whatever I need to type.
2. Try SQL injection for password field.

How to remove input restriction?

Right-click on the page in the web browser and select ‘Inspect Element (Q)’.

 

Now we can see the restriction.

 

Double-click and remove the maxlength. Now we can type whatever we need.

Now, for the password, try the input below:

X'OR'1'='1


It's done.
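Why the string above gets past the login, and what the server side should do instead, as an added example that is not part of the original post or the lesson's own code. The table, column names and stored passwords are constructed, and SQLite stands in for the lesson's database.

```python
import sqlite3

MAX_PASSWORD_LEN = 8         # limit the form only suggests via maxlength
PAYLOAD = "X'OR'1'='1"       # the string from the post

def make_db():
    # Constructed sample data; SQLite stands in for the lesson's database.
    # Passwords are kept in plaintext only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, password TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("Neville", "s3cret"), ("Larry", "larry")])
    return db

def login_vulnerable(db, name, password):
    # Input is concatenated into the SQL text. The quote in the payload closes
    # the string literal, so the WHERE clause becomes
    #   name = 'Neville' AND password = 'X' OR '1' = '1'
    # and the trailing OR makes it true for every row.
    query = ("SELECT name FROM employee WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, name, password):
    # Values are bound as data; the payload is compared as a literal
    # 10-character password and matches nothing.
    query = "SELECT name FROM employee WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def login_hardened(db, name, password):
    # maxlength lives in the browser and can be edited away, so the length
    # rule is re-checked on the server before the parameterized query runs.
    if len(password) > MAX_PASSWORD_LEN:
        return False
    return login_parameterized(db, name, password)

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized, login_hardened):
        print(fn.__name__, fn(db, "Neville", PAYLOAD), fn(db, "Neville", "s3cret"))
```

Only the concatenating version accepts the injected string; the other two still accept the correct password.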







