How to Patch the Admin Login Bypass Bug

Actually, how to patch the admin bypass bug on the website is very easy, you only need to add the mysqli_escape_string command .

The following is an example of a source code that has an admin login bypass vulnerability, I will just take certain parts.

<? php
$ message = “”;
if (isset ($ _ POST [‘submit’])) {
$ username = ($ _POST [‘username’]);
$ password = ($ _POST [‘password’]);

Code blah blah blah
code blah blah blah
code blah blah blah

} else {
$ message = “Username and Password is not matched”;
}
}
?>f we understand the source code above, here is the code where the problem is that it can be bypassed by the admin login.

$ username = ($ _POST [‘username’]);
$ password = ($ _POST [‘password’]);

For this explanation, we know that the code does not have character filtering which results in a bug where an attacker can enter an injection query and can enter the admin panel dashboard of a website.

So, that’s why we just add the code or function mysqli_escape_string in the code section that can cause the bug, if you combine this method like this the code.

$ username = mysqli_escape_string ($ con, $ _POST [‘username’]);
$ password = mysqli_escape_string ($ con, $ _POST [‘password’]);

If we understand the source code above, here is the code where the problem is that it can be bypassed by the admin login.

$ username = ($ _POST [‘username’]);
$ password = ($ _POST [‘password’]);

For this explanation, we know that the code does not have character filtering which results in a bug where an attacker can enter an injection query and can enter the admin panel dashboard of a website.

So, that’s why we just add the code or function mysqli_escape_string in the code section that can cause the bug, if you combine this method like this the code.

$ username = mysqli_escape_string ($ con, $ _POST [‘username’]);
$ password = mysqli_escape_string ($ con, $ _POST [‘password’]);

You already understand how? If so, great!

So after adding a filter in the $ username and $ password code section with the mysqli_escape_string function , an attacker will not be able to inject the admin login, great haha.

Good luck, enjoy …

Closing:

That is the simple article that I wrote about the Admin Login Deface Bypass Tutorial and How to Patch the Admin Bypass Bug based on the experiences I have learned, hopefully it can be useful and useful for everyone.

From my apologies if there are errors or are unclear in writing, please correct / understand it because I am also a very beginner. For those of you who want to be asked about this, please write in the comments column below, as much as possible I will help answer.