How To Find Sql Injection In Login Or Signup Function and Exploit It - Hacktube5 - Bug Bounty

How To Find Sql Injection In Login Or Signup Function and Exploit It

Hello All

as we all know about sql injection , sql injection is a big vulnerability and we can hack a website using this vulnerability that’s why company paid a high bounty for this vulnerability so let’s see how we can find it on login or signup page using sqlmap. Sqlmap is tool to find sql injection it is good tool and many of hackers are using this tool to find and scan sql injection in a website. We can scan a GET request and POST request using this but and also we can scan user agent and cookies too . So let’s see how we can scan a login page using sqlmap and extract some data from database .

To scan a website we need a website there we can test for testing we are using http://testphp.vulnweb.com/ this is a test website here we can test a sqlinjection vulnerability so let’s start. Now we need a login page so just click on signup page .

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog1-300x201.png?resize=495%2C215&ssl=1" width="495" height="215" border="0" data-original-height="517" data-original-width="771" data-recalc-dims="1" />

Now we have login page where we can test so let’s enter some random value in those field like username: test ; password:test and press enter

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog2-300x106.png?resize=452%2C113&ssl=1" width="452" height="113" border="0" data-original-height="192" data-original-width="543" data-recalc-dims="1" />

Now capture the request with burp suite

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog3-300x107.png?resize=469%2C114&ssl=1" width="469" height="114" border="0" data-original-height="385" data-original-width="1076" data-recalc-dims="1" />

We can see we have a post data where we have two parameters uname=test&pass=test So let’s scan this. Open the terminal and type a command

sqlmap -u http://testphp.vulnweb.com/userinfo.php –data=”uname=test&pass=test” –method POST –dbs –dump –batch

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog4-300x19.png?resize=488%2C20&ssl=1" width="488" height="20" border="0" data-original-height="59" data-original-width="950" data-recalc-dims="1" />

Now press enter and see we have data of this website

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog5-300x122.png?resize=496%2C130&ssl=1" width="496" height="130" border="0" data-original-height="551" data-original-width="1361" data-recalc-dims="1" />

Also we hava a dump data of this site :

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/sqlblog6-300x137.png?resize=488%2C146&ssl=1" width="488" height="146" border="0" data-original-height="622" data-original-width="1365" data-recalc-dims="1" />

Related

Tags: blind sql injection, how to prevent sql injection, sql injection, sql injection attack, sql injection cheat sheet, sql injection example, sql injection payloads, sql injection prevention, sql injection types, what is sql injection

This Post Has 2 Comments

HaleyHaley https://qq.com/ December 17, 2021 Reply

Haley https://qq.com/
Philips https://myshopify.com/Philips December 17, 2021 Reply

Philips

Leave a Reply Cancel reply