How To Patch SQLI on Your Website: Bypass Admin

in utopian-io •  7 years ago  (edited)

What Will I Learn?

  • You will learn how to patch an admin-login bypass.
  • You will learn how to use a PHP filter on the input that goes into your SQL.
  • You will learn how hackers bypass your admin login page.
  • You will learn which SQL syntax attackers use for the bypass.

Requirements

  • You must know the PHP language.
  • You must know SQL.

Difficulty

  • Intermediate

Tutorial Contents

Hello everyone. In this post I want to teach you how to patch SQLi on your website; here I concentrate on the admin-login bypass bug. First, what is SQLi? SQL injection (SQLi) is an attack in which the attacker puts SQL syntax into input that the application hands to the database, through a URL parameter or a form field, so that the database runs commands the developer never wrote. Now let me show you how hackers bypass your admin login page.

[animation test224.gif: the admin login bypass in action]

As you can see above, you must be careful when you build a website. Below are some payloads that are considered dangerous: they are what an attacker types into the user name (or password) field of your login form, and your website must filter them out.

'=' 'or'
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*

How to patch this bug?

Here is a login handler whose source code is vulnerable to this bug:

<?php
include 'connection.php';
if (isset($_POST['login']))
{
    // The form fields are used exactly as submitted: no filtering, no escaping.
    $name=$_POST['name'];
    $password=$_POST['password'];
    // Vulnerable: the input is pasted straight into the SQL text, so a single
    // quote in $name or $password changes the structure of the query.
    $query="SELECT * FROM admin where admin_name='$name' AND admin_password='$password'";
    $rq=mysqli_query($conn,$query);
    if (mysqli_num_rows($rq) > 0) {
        $id=0;
        @session_start();
        $_SESSION['admin_name']=$name;
        $_SESSION['user']=$id;
        echo "<script>
alert('Logged in');
window.location.href='index.php';
</script>";
    }
    else
    {
        echo "<script>
alert('Email or Password is invalid');
window.location.href='login.php';
</script>";
    }
}
?>

You can see that this source has no PHP filter at all. The filter used here is the addslashes() function. addslashes() is a string function that puts a backslash in front of certain characters in a string. The characters are: the single quote ('), the double quote ("), the backslash (\) and the NUL byte. Look again at the payloads above: every one of them relies on a single quote to close the string that the name is placed into, so escaping that quote stops the input from changing the structure of the query. That is why this function matters for your website. We apply addslashes() to the part of the source that reads the form:

    $name=$_POST['name'];
    $password=$_POST['password'];

and rewrite it with the addslashes() function like this:

    $name=addslashes($_POST['name']);
    $password=addslashes($_POST['password']);

With addslashes() in place, none of the payloads listed above can close the quoted string any more, so this particular bypass stops working. Two caveats before you rely on it. First, addslashes() only knows about backslash escaping the way MySQL does it: it gives no protection for a value placed into a numeric context without quotes (for example WHERE id=$id), it can be defeated under multibyte character sets such as GBK where the escaping backslash is absorbed into a two-byte character, and it is simply wrong for databases that do not treat a backslash as an escape (SQLite, or MySQL running in NO_BACKSLASH_ESCAPES mode). The robust fix is a prepared statement (mysqli_prepare() with bound parameters), which keeps user input out of the SQL text entirely. Second, the handler compares a plaintext password stored in the table; store a hash with password_hash() and check it with password_verify() instead.
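To make the patch concrete, here is an added example (my own code, not the post's) that puts the post's vulnerable query shape and a prepared-statement version side by side and runs the first payload from the list above against both. It uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs offline; the table and column names are the post's, while the account admin / s3cret and the payload are constructed for the demo.

```php
<?php
// Added example, not the post's own code: the login from the post rebuilt with
// a prepared statement and a password hash. It runs offline against an
// in-memory SQLite database through PDO; against MySQL the same calls work with
// a DSN such as 'mysql:host=localhost;dbname=app'.
// Table and column names follow the post (admin, admin_name, admin_password).
// The account 'admin' / 's3cret' and the payload are constructed for this demo.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (admin_name TEXT NOT NULL, admin_password TEXT NOT NULL)');
    // Store a password hash, never the plaintext password.
    $ins = $db->prepare('INSERT INTO admin (admin_name, admin_password) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('s3cret', PASSWORD_DEFAULT)]);
    return $db;
}

// The query shape from the post: form input pasted straight into the SQL text.
// Returns true when at least one row comes back, exactly like the post's
// mysqli_num_rows() check.
function vulnerableLogin(PDO $db, string $name, string $password): bool
{
    $query = "SELECT * FROM admin WHERE admin_name='$name' AND admin_password='$password'";
    return count($db->query($query)->fetchAll()) > 0;
}

// Hardened version: the user name travels as a bound parameter, so it can never
// change the statement's structure, and the password is checked with
// password_verify() instead of string equality inside the query.
function secureLogin(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT admin_password FROM admin WHERE admin_name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['admin_password']);
}

$db = makeDb();
$payload = "admin' or '1'='1";   // one of the payloads from the list above

// In the vulnerable query the payload turns the WHERE clause into
//   admin_name='admin' or '1'='1' AND admin_password='x'
// and, because AND binds tighter than OR, the admin row matches whatever the
// password is. The prepared statement looks for a user literally named
// "admin' or '1'='1" and finds nothing.
echo 'vulnerable query, payload         : ', vulnerableLogin($db, $payload, 'x') ? 'logged in' : 'rejected', "\n";
echo 'prepared statement, payload       : ', secureLogin($db, $payload, 'x') ? 'logged in' : 'rejected', "\n";
echo 'prepared statement, right password: ', secureLogin($db, 'admin', 's3cret') ? 'logged in' : 'rejected', "\n";
echo 'prepared statement, wrong password: ', secureLogin($db, 'admin', 'nope') ? 'logged in' : 'rejected', "\n";
```

If you want to stay with the mysqli functions the post uses rather than PDO, the same pattern is mysqli_prepare($conn, $sql), mysqli_stmt_bind_param($stmt, 's', $name), mysqli_stmt_execute($stmt) and mysqli_stmt_get_result($stmt); the point is identical, the user name is bound as a parameter instead of being interpolated into the query text.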

The animation below shows my website after I patched the BYPASS ADMIN bug: the same payload is now rejected.
[animation patched.gif: the login page after the patch]

That is all for How To Patch SQLI on Your Website: Bypass Admin. Cheerio!



Posted on Utopian.io - Rewarding Open Source Contributors


Thank you for the contribution. It has been approved.

You can contact us on Discord.
[utopian-moderator]

Hey @farahulfa I am @utopian-io. I have just upvoted you!
