Thursday, February 2, 2012
Bypass Login on Test Web FBIP
As a first step, I want to test this website with sqlmap to see what information comes from that activity.
This command will show how vulnerable this page is, and the result is
I found this website is not injectable, so I can't use this attack method. I'll try another way, from the web browser.
In this case I use Mantra, a customized web browser for website penetration testing. My intuition was that the password for admin is admin, and that is right, but the point is not to guess it but to prove it. As a first step, I look at the source code of this page to find where the PHP file is.
I found the form method that processes the login action.
I activate the Hackbar add-on in Mantra and fill in the URL based on the PHP file I found before.
Then I add # <comment> to break apart the URL and bypass the login action to login php, and after that I press "Execute" to see the result.
And I succeeded in bypassing the login page on this website.
To bypass a login form you can use SQL injection; learn about SQL injection. Your report does not bypass the admin login; that only goes to another page.
I do. I have tried SQL injection tests for training quite often since I wrote this article. I did it this way because I found it on YouTube, and several sites give a solution like this... I also think this is not a login bypass, because it just jumps to another page.