Wednesday, February 1, 2012

Bypassing Login Screen

OK, let's try to bypass the login screen on my test web page located in /var/www/fbip.

1. Open the browser and type in the address bar
localhost/fbip
A simple, ugly web page will appear.


2. Let's try entering some code in the username field.
' or '1'='1'#
There will be an error.

3. Look at the URL. It shows that after login the user will be redirected to http://localhost/fbip/Process/proses_login.php
Let's put a # before the proses_login.php page and see what happens.
http://localhost/fbip/Process/#proses_login.php

Good, looks like the bypass succeeded..  :)

"the quieter you are, the more you are able to hear.."
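
For the defensive side of steps 2 and 3, here is an added example that is not code from the test site: a Python stand-in for the server-side checks a PHP login handler would need. Everything after the # in a URL is a fragment that the browser keeps to itself, so the request in step 3 is for /fbip/Process/, and the server has to authorize that path on its own. The table layout, the PUBLIC_PATHS set and the function names are assumptions.

```python
import sqlite3
from urllib.parse import urlsplit

# Constructed sample data: one account in an in-memory database.
# Password hashing is left out to keep the example short.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT, password TEXT)")
db.execute("INSERT INTO users VALUES ('admin', 'placeholder-secret')")

def login(username, password):
    """Parameterized lookup: input is bound as data, never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return {"user": row[0]} if row else {}

def request_path(url):
    """Path the browser actually sends; the '#fragment' stays client-side."""
    return urlsplit(url).path or "/"

# Assumed layout: only the login form and its handler are open to anonymous users.
PUBLIC_PATHS = {"/fbip/", "/fbip/Process/proses_login.php"}

def authorize(url, session):
    """Gate run on every request, independent of how the URL was typed."""
    path = request_path(url)
    if path in PUBLIC_PATHS or session.get("user"):
        return 200
    return 302  # send anonymous visitors back to the login form
```

With these checks the input from step 2 is just a username that matches no row, and the URL from step 3 is redirected to the login form unless the session already belongs to a logged-in user.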
