You are currently viewing How To Find Sql Injection In Login Or Signup Function and Exploit It

How To Find Sql Injection In Login Or Signup Function and Exploit It

Hello All

as we all know about sql injection , sql injection is a big vulnerability and we can hack a website using this vulnerability that’s why company paid a high bounty for this vulnerability so let’s see how we can find it on login or signup page using sqlmap. Sqlmap is tool to find sql injection it is good tool and many of hackers are using this tool to find and scan sql injection in a website. We can scan a GET request and POST request using this but and also we can scan user agent and cookies too . So let’s see how we can scan a login page using sqlmap and extract some data from database .

To scan a website we need a website there we can test for testing we are using http://testphp.vulnweb.com/ this is a test website here we can test a sqlinjection vulnerability so let’s start. Now we need a login page so just click on signup page .

Now we have login page where we can test so let’s enter some random value in those field like username: test ; password:test and press enter

Now capture the request with burp suite

We can see we have a post data where we have two parameters uname=test&pass=test So let’s scan this. Open the terminal and type a command

sqlmap -u http://testphp.vulnweb.com/userinfo.php –data=”uname=test&pass=test” –method POST –dbs –dump –batch

Now press enter and see we have data of this website

Also we hava a dump data of this site :

This Post Has 2 Comments

  1. Philips https://myshopify.com/Philips

    Philips

Leave a Reply