Simple Login Page Bypass..



Simple Login Page Bypass Using SQLi..

The following code is being used in a login check page.

Find the proper credentials for getting a successful authentication alert.


$result = mysql_query($sql);
if(mysql_num_rows($result) == 0){
echo "<script>alert('failed')</script>";
} else {
$res = mysql_fetch_array($result);
if($res[2]==$pwd&&((!$res[7])&&($res[3]))) {
echo "<script>alert('success');</script>";
} else {
echo "<script>alert('failed');</script>";
}
}


Find USERNAME & PASSWORD

or find the answers here









Comments

Popular posts from this blog

Cross Site Scripting Filter Bypassing using Header Injection (CRLF).....

Cross Site Scripting through callback functionality

Multiple Vulnerabilities in eFront CMS v3.6.15.4