Bypass Authentication Account.
Date: 4 May , 2015
Category: Computer Problems
Solutions















Browse to the login.php page; here we can see a simple login form.



If the application does not properly filter such input, the tester will be able to inject XPath code and interfere with the query result. For instance, the tester could input the following values:

Username: ' or '1' = '1
Password: ' or '1' = '1



Looks quite familiar, doesn't it? Using these parameters, the query becomes:

string(//Employee[uname/text()='' or '1' = '1' and passwd/text()='' or '1' = '1']/account/text())

As in a common SQL injection attack, we have created a query that always evaluates to true, which means that the application will authenticate the user even if a username or a password has not been provided.
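The query above built the vulnerable way and then with input confined to a string literal, as an added PHP example that is not code from the original page. The employee document, the function names and the sample credentials are constructed for illustration; because XPath 1.0 has no escape sequence inside string literals, the hardened lookup builds each literal with concat().

```php
<?php
// Constructed sample data (not from the original page).
$xml = <<<XML
<Employees>
  <Employee><uname>alice</uname><passwd>s3cret</passwd><account>admin</account></Employee>
  <Employee><uname>bob</uname><passwd>hunter2</passwd><account>guest</account></Employee>
</Employees>
XML;
$doc = new DOMDocument();
$doc->loadXML($xml);
$xp = new DOMXPath($doc);

// Vulnerable: input is pasted between the quotes of the expression.
function lookupVulnerable(DOMXPath $xp, string $user, string $pass): string
{
    $q = "string(//Employee[uname/text()='$user' and passwd/text()='$pass']/account/text())";
    return (string) $xp->evaluate($q);
}

// Turn arbitrary input into exactly one XPath 1.0 string literal.
function xpathLiteral(string $s): string
{
    if (strpos($s, "'") === false) {
        return "'" . $s . "'";
    }
    if (strpos($s, '"') === false) {
        return '"' . $s . '"';
    }
    // Both quote types present: split on ' and rejoin the pieces with concat().
    return "concat('" . implode("', \"'\", '", explode("'", $s)) . "')";
}

// Hardened: each value can only ever be compared as data.
function lookupHardened(DOMXPath $xp, string $user, string $pass): string
{
    $q = sprintf(
        'string(//Employee[uname/text()=%s and passwd/text()=%s]/account/text())',
        xpathLiteral($user),
        xpathLiteral($pass)
    );
    return (string) $xp->evaluate($q);
}

$payload = "' or '1' = '1"; // the input shown on the page
foreach ([[$payload, $payload], ['alice', 's3cret'], ['alice', 'wrong']] as [$u, $p]) {
    printf("user=%-16s vulnerable=%-8s hardened=%s\n",
        var_export($u, true),
        var_export(lookupVulnerable($xp, $u, $p), true),
        var_export(lookupHardened($xp, $u, $p), true));
}
```

An empty string from either function means no employee matched; the login code should treat only a non-empty account value as a successful authentication.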



Copyright © TheSolveProblems.Com 2015 - 2016 All Right Reserves | Powered by EarnEDU Pvt. Ltd. | Created by Bebbisingh