Quality Testing

Quality is delighting customers

Dear All,

Pls. help how to test login page in useing SQL injection . pls. send with example.

Views: 1270

Reply to This

Replies to This Discussion

Hi Mohan ,

I am testing a login Page check security issue in UserName & Password fields . not a DB


--sandip wagh
Hi,

Please install the below Addon on mozill browser.. n play wid that..
https://addons.mozilla.org/en-US/firefox/addon/6727

If your site is having sql vulnerability.. u can directly able ot login in to the site with out providing authentication details..
after installing this addon.. you will found one icon show like " lock" at Bottom right of your browser page..

Now open your login screen
Hit on that "Lock Icon" i mean Sql injection Addon..
Hit on inject all
place the mouse pointer on login id area, now u can able to see the " sumit the form" button.
Hit on " submit the form " button..

If there is any sql vulnerability you can directly login with out providing the details
You can try code used for SQL injection....

In Username Field please enter the codes one by one : ' or 1=1 , hi ' or 1=1-- , test' '1'='1
Enter anything in password field and click on login.

Please refer OWASP WebGoat to practically preform this. It will show you with video's available for SQL injection. There is another term called Blind SQL Injection. you can even try this for your application.

For more details please contact again.

Regards,
~Vishal
Hi Vishal,

Nice but I have one question in Username field (text box on login page) we will enter first ' or 1=1
then hi ' or 1=1-- & then test' '1'='1 ? How ?
I am very confuse , please clear it . if you can send Screen shot on my ID then it will be more better.
hiteshshah19@gmail.com
Thanks
Hitesh Shah
Hi Hitesh ,

Some Time

1) username =Admin and PWD= ' or 1=1 then application was opened ,but actually in this case Fail.

2) username = ' or 1=1 and PWD= ' As per U R password enter. then application was opened ,but actually in this case Fail.

3) username = ' or 1=1 and PWD= ' or 1=1' condition true but actually in this case Fail.

above all condition are not possible. Display validation Message.

In Case

SELECT top 1 * FROM musers WHERE muser_empno = 'a' or 't'='t';

Execute then display all record in musers table.

Vishal i think i am wrong or right.

--Sandip Wagh
Hi Sandip,

You are absolutely correct.

Regards,
~Vishal

Hi All,

I am confuse for using sql injection with code.

i use following code for check in login page.

 User Name :- ' or 1=1

 Password :- 1234567

 I got alert message instead of index page it means that my site is secure with sql injection

 am i right?

Please correct me if  i am wrong

Thanks in advance

Thanks

Parthiv Patel

 

The first step in this test is to understand when the application interacts with a DB Server in order to access some data. Typical examples of cases when an application needs to talk to a DB include:

  • Authentication forms: when authentication is performed using a web form, chances are that the user credentials are checked against a database that contains all usernames and passwords (or, better, password hashes).
  • Search engines: the string submitted by the user could be used in a SQL query that extracts all relevant records from a database.
  • E-Commerce sites: the products and their characteristics (price, description, availability, etc) are very likely to be stored in a database.


The tester has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error. Consider also HTTP headers and Cookies.


The very first test usually consists of adding a single quote (') or a semicolon (;) to the field or parameter under test. The first is used in SQL as a string terminator and, if not filtered by the application, would lead to an incorrect query. The second is used to end a SQL statement and, if it is not filtered, it is also likely to generate an error. The output of a vulnerable field might resemble the following (on a Microsoft SQL Server, in this case):

RSS

TTWT Magazine


Advertisement

Advertisement

Advertisement

Advertisement

© 2021   Created by Quality Testing.   Powered by

Badges  |  Report an Issue  |  Terms of Service