Sql Injection on login form

Asked By 0 points N/A Posted on -
qa-featured

Hi All,
I use the following access details in login page to check ksql injection.

User Name : admin'
Password "- 1234567

and receive a alert message so it means my site is secure with sql injection.

Please correct me if i am wrong.

Thanks

Parthiv

SHARE
Answered By 0 points N/A #162224

Sql Injection on login form

qa-featured

Hi,

The credentials what you are using is not a SQL injection rather it is just a normal username and password. But the code thinks that it is false and returns that password is matched.

The original SQL injection string is :      'or''=' 

Use the provided string as you website password and try using it. 

use something like this.

Username : admin

Password : 'or''='         (This is nothing but SQL injection password)

Please let me know if you need any more help on the same.

Login/Register to Answer

Related Questions