Thursday, 10 April 2014

Simple Login Page Bypass..



Simple Login Page Bypass Using SQLi..

The following code is being used in a login check page.

Find the proper credentials for getting a successful authentication alert.


$result = mysql_query($sql);
if(mysql_num_rows($result) == 0){
echo "<script>alert('failed')</script>";
} else {
$res = mysql_fetch_array($result);
if($res[2]==$pwd&&((!$res[7])&&($res[3]))) {
echo "<script>alert('success');</script>";
} else {
echo "<script>alert('failed');</script>";
}
}


Find USERNAME & PASSWORD

or find the answers here









No comments:

Post a Comment