jadf24 wrote:
how silly would it be if all they had to do to login as admin was enter: admin'-- hehe
It's not really as simple as this; you need an in-depth understanding of SQL.
Usually a login page is vulnerable to SQL injection because it doesn't filter user input, so it can be used to inject additional SQL queries and commands.
In ASP, for example, the vulnerable line is:
sSql = "SELECT * FROM tblCustomers where cust_name='" & myUsrName & "' and cust_password='" & myUsrPassword & "'"
Let's say we entered the username:
"'or 1=1--"
The "--" syntax closes an SQL query, and everything after this line would be ignored. This leaves us with:
SELECT * FROM tblCustomers where cust_name='' or 1=1--
Since 1=1 always equates to positive, the SQL query will return a true result, and the user will successfully log in to the system, usually as the first user configured on the SQL database. Well, this attack is just the SQL Authentication Bypass Attack. (I guess this is what they call it.)
But actually we are nowhere near done: you still need to identify SQL injection vulnerabilities, and it differs with different versions; then you need to enumerate table names, then you need to enumerate the column types; after that you can get your hands on the database or execute some code.
This is just ASP; it differs a bit in PHP: you need to enumerate database names, and we can also inject backdoors.
You can actually find SQLi vulnerable websites using Google dorks or some scanners.
As I said, it's not as easy as just entering that username.
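
The login query from the post, rebuilt as an added example (not part of the original post) with the concatenated form beside a parameterized one, so the difference can be tested. It assumes Python's sqlite3 in place of ASP/ADO; the sample rows, passwords and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data mirroring the post's tblCustomers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblCustomers (cust_name TEXT, cust_password TEXT)")
    conn.executemany(
        "INSERT INTO tblCustomers VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("O'Brien", "hunter2")],
    )
    return conn

def login_concat(conn, name, password):
    """Same pattern as the ASP line: input is pasted into the SQL text."""
    sql = ("SELECT cust_name FROM tblCustomers WHERE cust_name='" + name +
           "' AND cust_password='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_bound(conn, name, password):
    """Hardened form: fixed statement text, input sent as bound parameters."""
    sql = "SELECT cust_name FROM tblCustomers WHERE cust_name=? AND cust_password=?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None

def demo():
    conn = make_db()
    payload = "' or 1=1--"  # the username quoted in the post
    results = {
        "concat_payload": login_concat(conn, payload, "x"),
        "bound_payload": login_bound(conn, payload, "x"),
        "bound_apostrophe": login_bound(conn, "O'Brien", "hunter2"),
    }
    # A legitimate name containing an apostrophe breaks the concatenated query.
    try:
        login_concat(conn, "O'Brien", "hunter2")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With bound parameters the driver never parses the input as SQL, so the quoted username is just a name that matches no row, and a customer called O'Brien can still log in.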