Hey, Hackers, in this article I am going to tell you about a method I used to test the security of a web application and its database. It is the most common technique attackers use to perform SQL injection. One correction up front: the weakness is not in MySQL itself. MySQL is a perfectly good database, and so is every other SQL database; the vulnerability lives in application code that builds a query by pasting user input straight into the SQL string. Even in 2020 plenty of login pages are still written that way, so in this article I am going to show you a SQL injection that takes just one line of input.
SQL Injection 1=1 Vulnerability :
Even if you don't have any prior knowledge about SQL injection, don't worry, I will explain everything in detail. You only need a rough idea of how the server checks your username and password. SQL injection means sneaking malicious input into a query that is sent to the database, so that the database does something you are not allowed to do. In other words, in SQL injection we make our input get interpreted as part of the SQL command itself, which lets us manipulate the query according to our needs and run commands we could not otherwise run.
Now let's look at how username and password authentication is done on the server:
When you enter a username and password and click the submit button, a query runs in the background to check whether that username with that password exists in the database. If a matching row is found, the query returns it, the server treats that as TRUE and grants that user access to the website or web application.
So all we have to do is manipulate the query so that it returns a row no matter what we typed. The server will then think the username and password are correct and log us in as that user, and since the query matches every row, the application usually picks the first one, which is often the administrator. The SQL injection payload is:
' or 1=1/*
==================== OR ====================
' or 1=1-- 
The condition 1=1 is always true, so if you put this in the username field the WHERE clause matches every row. The single quote at the start closes the string the username was supposed to sit in, and the -- (or /*) that follows turns the rest of the query, including the password check, into a comment, so it doesn't matter what you enter as the password. One caveat for MySQL: -- only starts a comment when it is followed by a space, so type the payload as ' or 1=1-- with a trailing space (a # also works in MySQL).
The query executed on the server looks like this (the article's original PHP statement, with the missing = before the password value restored; it is still deliberately vulnerable):
$statement = "SELECT * FROM users WHERE username = '$user' AND password = '$password'";
With the payload in $user the statement becomes SELECT * FROM users WHERE username = '' or 1=1-- ' AND password = 'whatever'. Everything after -- is ignored, 1=1 is true for every row, so the query returns the users table and the server logs you in. Note that it is the string concatenation in the PHP code that makes this possible, not anything about MySQL; the fix is a prepared statement with bound parameters, so the input is sent separately from the SQL text and can never be parsed as part of the command.
Another Method :
Another method is to modify the request that the browser sends to the server.
If you come from a technical background and know a little PHP, you know that form data is sent to the server by the GET or POST method.
When you send data via GET, the parameters are visible in the URL. This is a poor way to implement a login form, but some new programmers, or developers unaware of the issue, still do it. With GET you can see the username and password right in the URL bar, and you can edit that URL to suit your needs so that the malicious input reaches the database query; if the page shows no visible output, the same idea extends to blind SQL injection, where you infer the result from the page's behaviour instead.
As you can see in the image above, I replaced the username parameter with our payload so that the condition is always true. Note that you first have to submit any random username and password to learn the parameter names; they could be user, usrname, username and so on. In the image above the username parameter is uname and the password parameter is pass.
Some sites use POST instead, which makes the parameters slightly less convenient to edit because they travel in the request body rather than the URL, but an intercepting proxy or the browser's developer tools can change them just as easily. If you are developing a web application you should still send credentials by POST, so they don't end up in the URL, the browser history and the server logs, but that alone does nothing against SQL injection; only prepared statements with bound parameters do.
This trick works against any database, not just old MySQL versions, whenever the application concatenates user input into the query. A properly parameterised login page is immune whichever database it uses.
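The whole flow described above, from the GET query string to the query the server runs, as an added example that is not part of the original article. SQLite stands in for MySQL so it runs offline (SQLite accepts the same -- and /* comment sequences; MySQL additionally needs a space after --). The users table, the sample accounts and the parameter names uname and pass are constructed to match the article, login_vulnerable mirrors the article's PHP statement, and login_fixed is the parameterised version that the article does not show.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode


def make_db():
    """Constructed sample users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t-admin-pw"), ("alice", "alice-pw"), ("bob", "it's-bob")],
    )
    return conn


def login_vulnerable(conn, user, password):
    """Same construction as the article's PHP statement: input pasted into the SQL text.

    Returns the username of the first matching row, or None if nothing matched.
    A quote in a legitimate value also breaks this query (see bob's password).
    """
    statement = (
        "SELECT username FROM users "
        f"WHERE username = '{user}' AND password = '{password}'"
    )
    row = conn.execute(statement).fetchone()
    return row[0] if row else None


def login_fixed(conn, user, password):
    """Parameterised version: the driver sends values separately from the SQL text,
    so a quote or comment sequence in the input is just data, never SQL."""
    statement = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(statement, (user, password)).fetchone()
    return row[0] if row else None


def attack_url(base, payload, user_param="uname", pass_param="pass"):
    """Build the GET URL an attacker would type into the browser.

    urlencode percent-encodes the quote and '=' and turns spaces into '+',
    which is what the browser would do with the form as well.
    """
    return base + "?" + urlencode({user_param: payload, pass_param: "anything"})


def handle_get_login(conn, query_string, login):
    """Stand-in for the PHP page: read uname/pass from the query string (like $_GET)
    and run the supplied login function with them."""
    params = parse_qs(query_string, keep_blank_values=True)
    user = params.get("uname", [""])[0]
    password = params.get("pass", [""])[0]
    return login(conn, user, password)


if __name__ == "__main__":
    conn = make_db()
    # Trailing space after -- so the same payload also works against MySQL.
    url = attack_url("http://target.example/login.php", "' or 1=1-- ")
    print("attack URL:", url)
    qs = url.split("?", 1)[1]
    print("vulnerable login returns:", handle_get_login(conn, qs, login_vulnerable))
    print("parameterised login returns:", handle_get_login(conn, qs, login_fixed))
```

Running it shows the vulnerable page logging the attacker in as admin (the first row in the table) while the parameterised page returns None for the same URL; login_fixed also accepts bob's password containing a quote, which the concatenated query cannot even parse.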
If you have any questions feel free to ask in the comments below.
Get in touch with us everywhere to get more such amazing tricks and knowledge.