N/APosted on - 09/14/2012
I use the following access details in login page to check ksql injection.
User Name : admin'
Password "- 1234567
and receive a alert message so it means my site is secure with sql injection.
Please correct me if i am wrong.
Sql Injection on login form
The credentials what you are using is not a SQL injection rather it is just a normal username and password. But the code thinks that it is false and returns that password is matched.
The original SQL injection string is : 'or''='
Use the provided string as you website password and try using it.
use something like this.
Username : admin
Password : 'or''=' (This is nothing but SQL injection password)
Please let me know if you need any more help on the same.