SQL injection: Login without knowing Name and Password of the authorized person
A SQL injection attack exploits vulnerabilities in a web server database that allow the attacker to gain access to the database and read, modify, or delete information.
An example of a SQL injection attack is making the condition true by giving the identical value to a web page. These values can be inserted into a login as follows:
Name: 1' or '1'='1
Password: 1' or '1'='1
Or you can use any word like this:
Name: hello’ or ‘hello’=’hello
When the Username argument is evaluated, ‘1’=’1’ will assess to TRUE, and an authentic username will be returned.
Now this will not work on mostly sites but you can try if you think that site is not more secure.
Try Keyloggers or Trojans to keep track on any computers.
An example of a SQL injection attack is making the condition true by giving the identical value to a web page. These values can be inserted into a login as follows:
Name: 1' or '1'='1
Password: 1' or '1'='1
Or you can use any word like this:
Name: hello’ or ‘hello’=’hello
When the Username argument is evaluated, ‘1’=’1’ will assess to TRUE, and an authentic username will be returned.
Now this will not work on mostly sites but you can try if you think that site is not more secure.
Try Keyloggers or Trojans to keep track on any computers.
Comments
Post a Comment