How Hackers Bypass Authentication Process in PHP?
by Dinesh 2014-10-04 16:06:23
When an application takes user data as an input, there is an opportunity for a malicious user to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of data.
For example, imagine this line of code:
SELECT * FROM Users WHERE Username='$username' AND Password='$password'
which is designed to show all records from the table "Users" for a username and password supplied by a user. Using a Web interface, when prompted for his username and password, a malicious user might enter:
Username: 1' or '1' = '1
Password: 1' or '1' = '1
resulting in the query:
SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1'
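The hacker has effectively injected a whole OR condition into the authentication process. Worse, the condition '1' = '1' is always true, and because AND binds more tightly than OR, the trailing OR '1' = '1' applies to the whole WHERE clause. The query therefore matches every row in the table, so this SQL query will always result in the authentication process being bypassed.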
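The following is an added example, not code from the original post: it runs the query above once built by string interpolation and once as a prepared statement, so the same input can be compared against both. It assumes PHP with the PDO SQLite driver and an in-memory database; the table contents, the sample account and the function names are constructed for illustration.

```php
<?php
// Added example, not from the original post. The table contents, the sample
// account and the function names below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (Username TEXT PRIMARY KEY, Password TEXT)");

// The password is stored as-is only so that the post's query shape works
// unchanged. A real application stores password_hash() output and checks it
// with password_verify() instead of comparing passwords inside SQL.
$db->exec("INSERT INTO Users (Username, Password) VALUES ('alice', 's3cret')");

// Vulnerable: the query from the post. User input is pasted into the SQL
// text, so quote characters in it are parsed as SQL syntax.
function login_vulnerable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM Users WHERE Username='$username' AND Password='$password'";
    return $db->query($sql)->fetch() !== false;   // any returned row counts as a login
}

// Hardened: same query, but the values are bound as parameters. The SQL text
// is fixed before the input arrives, so the input is only ever compared as data.
function login_hardened(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        "SELECT * FROM Users WHERE Username = :username AND Password = :password"
    );
    $stmt->execute([':username' => $username, ':password' => $password]);
    return $stmt->fetch() !== false;
}

$payload = "1' or '1' = '1";   // the input shown in the post

// Each line prints whether the login check accepted the given credentials.
$cases = [
    'vulnerable, valid credentials' => login_vulnerable($db, 'alice', 's3cret'),
    'vulnerable, post input'        => login_vulnerable($db, $payload, $payload),
    'hardened, valid credentials'   => login_hardened($db, 'alice', 's3cret'),
    'hardened, post input'          => login_hardened($db, $payload, $payload),
];
foreach ($cases as $label => $accepted) {
    printf("%-32s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

With bound parameters the whole string 1' or '1' = '1 is looked up as a literal username, which no row matches, while the valid credentials behave the same in both functions.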
thulasi
Good sharing.....
Guna
Nice post...