SQL Injection Part 1: Hacking Admin Panels Using SQL Authentication Bypass: A Practical Guide
- reaunenbiborfo
- Aug 17, 2023
In the first part of this article we looked at some of the common authentication types used in web applications these days and discussed their pros and cons. In this article we take it one step further and discuss some of the advanced authentication methods used these days. We will also discuss the various techniques for bypassing web-based authentication, and the steps needed to avoid such vulnerabilities. Overall this article will be divided into two sections.
In this article we looked at some of the advanced authentication techniques used these days, namely two-factor authentication, certificate-based authentication and OpenID. We discussed the pros and cons of each of these techniques. We also discussed various methods of bypassing authentication, such as SQL injection, cookie stealing and session hijacking. No single method of authentication is the best; however, using some of the advanced authentication methods will always decrease the chances of our personal information being compromised.
It's better to use prepared statements. The problem with SQL injection is that user input is used as part of the SQL statement. By using prepared statements you can force the user input to be handled as the content of a parameter (and not as a part of the SQL command).
So the attacker can now send objects to the server, but how do they exploit that? In SQL injection, the most basic authentication bypass is a quote (") followed by or one equals one (1=1) and a double dash (--). The resulting condition evaluates to true every time.
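As an added example (not code from the original article), the Python sketch below uses the standard sqlite3 module to put a login check built by string concatenation beside the prepared-statement form, and feeds both the quote, or 1=1, double dash input described above. The table, accounts, salt and function names are constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def hash_pw(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    """In-memory table holding two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", hash_pw("S3cure-admin-pw")), ("alice", hash_pw("alice-pw"))])
    return db

def login_vulnerable(db, username, password):
    """BEFORE: user input is concatenated into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_prepared(db, username, password):
    """AFTER: input is bound as a parameter and is never parsed as SQL."""
    row = db.execute("SELECT username, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # The hash is compared in application code, in constant time.
    if row and hmac.compare_digest(row[1], hash_pw(password)):
        return row[0]
    return None

# The article's "quote, or 1=1, double dash" input, written with the single
# quote that delimits strings in the query above.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_prepared):
        print(fn.__name__, "| valid login:", fn(db, "alice", "alice-pw"),
              "| injected input:", fn(db, PAYLOAD, "anything"))
```

With the bound parameter, the injected string is only ever compared against stored usernames as data, so no row matches and the login is refused.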
Since the username field is vulnerable too, it can also be exploited to gain access to the system. In fact, it would be easier and far more practical for the hacker to bypass authentication this way, since he could choose which user's account he would like to log into. Here is what the SQL injection attack will look like.
In these simple examples, we have seen that an attacker can bypass an authentication system with SQL injection. Without minimizing the disastrous consequences this might have, it is important to mention that a SQL injection can have a much bigger security impact than a login bypass.
This part of the cyber security tutorial will help you learn the SQL injection technique of attack, types of SQL injection and the tools used, how to detect SQL injection, tools used for wireless network hacking and mobile platform hacking.
