Bypass admin privilege by using SQL injection

4 years ago 275

Note: This article is for educational purposes only; do not misuse it under any circumstances. It helps us understand how an administrator account on a website can be logged into without a password.

Before we exploit any website, we should go through the following procedure:

Google Dorking: a technique for finding data that has been accidentally exposed on the internet, whether that is server logs, files, usernames, or company information you did not even know was exposed. Accidentally exposed information like this is a great opportunity for a hacker to grab. A Google dork is written as a combination of search strings, as follows:

inurl:adminlogin.php?id=

Here we go: I found lots of websites which may have a chance of exploitation (SQL injection).

FIGURE:1

After a lot of struggle, I found the Faculty Information System - Admin Login of an institution.

FIGURE:1.1

As shown in FIGURE 1.1, the form has an id field and a password field. A user enters their id and their password; if they match, the user is redirected to the admin dashboard page, and if not, the page shows an invalid password message. The query in the SQL backend database looks like this:

SELECT * FROM TABLE WHERE id='' AND password='';

I tried injecting the id field with administrator followed by a single quote (') and a comment sequence (--), and the password field with a single quote. This detaches the password check, and we can successfully log in with the administrator account. The query then looks like this in the SQL backend database. Note: Don't put a space between the two dashes of the comment sequence.

FIGURE:1.2

SELECT * FROM TABLE WHERE id='administrator'--' AND password=''
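
The query above works only because the login code pastes form input into the SQL text. The following added example (not part of the original article, and not the site's code) puts that concatenated query beside a parameterized one. It uses Python's sqlite3 with an in-memory database; the table name faculty_admin, the sample password and the function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data. The table name and password are assumptions.
    # The plaintext password column mirrors the article's query; a real
    # system should store a salted password hash instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE faculty_admin (id TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO faculty_admin VALUES ('administrator', 's3cret-sample')")
    return db


def login_vulnerable(db, user_id, password):
    # Same shape as the article's query: input becomes part of the SQL text,
    # so a quote in user_id closes the string literal and "--" turns the
    # password check into a comment.
    sql = ("SELECT * FROM faculty_admin WHERE id='" + user_id +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, user_id, password):
    # Placeholders send the input as bound values. The SQL text is fixed,
    # so quotes and comment markers in the input are compared as plain data.
    sql = "SELECT * FROM faculty_admin WHERE id=? AND password=?"
    return db.execute(sql, (user_id, password)).fetchone() is not None


def compare(user_id, password):
    # Run the same form input through both login functions.
    db = make_db()
    return {
        "vulnerable": login_vulnerable(db, user_id, password),
        "parameterized": login_parameterized(db, user_id, password),
    }


if __name__ == "__main__":
    # The article's input: the concatenated query accepts it, the bound one rejects it.
    print(compare("administrator'--", "'"))
    # A legitimate login still succeeds through both paths.
    print(compare("administrator", "s3cret-sample"))
```

Applied to the login form, the fix is to replace the string-built query with bound parameters in whatever database driver the application uses.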

Cheers ✌ Finally, we successfully logged in as administrator without any password. Here is the image of the admin dashboard. Not recommended for illegal stuff.

FIGURE:1.3