OK, let's try to bypass the login screen on my test web page, located in /var/www/fbip.
1. Open the browser and type this in the address bar:
localhost/fbip
A simple, ugly web page will appear.
2. Let's try entering some code in the username field:
' or '1'='1'#
There will be an error.
3. Look at the URL. It shows that after login the user is redirected to http://localhost/fbip/Process/proses_login.php
Let's put a # before the proses_login.php page and see what happens:
http://localhost/fbip/Process/#proses_login.php
Good, looks like the bypass succeeded.. :)
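What the # in step 3 changes, shown as an added example that is not part of the original post: everything after # is a URL fragment that the browser keeps to itself, so the server is asked for the directory /fbip/Process/ and not for proses_login.php. The `decide` guard and its `PUBLIC_PATHS` list are hypothetical and are not the test site's code.

```javascript
// Added example: what the server is asked for when a URL contains '#'.
// The fragment stays in the browser and is never part of the HTTP request.

// Returns the request target (path + query) a browser sends for a URL.
function requestTarget(rawUrl) {
  const u = new URL(rawUrl);
  return u.pathname + u.search; // u.hash is deliberately left out
}

// Hypothetical server-side guard (assumption, not the test site's code).
// It decides per request from the path the server actually receives and
// the session state, not from which page the user arrived from.
const PUBLIC_PATHS = new Set([
  "/fbip/",                          // login form
  "/fbip/Process/proses_login.php",  // login handler must be reachable
]);

function decide(rawUrl, session) {
  const target = requestTarget(rawUrl);
  const path = new URL(rawUrl).pathname;
  if (PUBLIC_PATHS.has(path)) return { target, status: 200 };
  if (session && session.userId) return { target, status: 200 };
  // A logged-out request for a directory such as /fbip/Process/ ends up
  // here, so no index page or directory listing is served for it.
  return { target, status: 302, location: "/fbip/" };
}

// Constructed sample requests, using the two URLs from the steps above.
const samples = [
  "http://localhost/fbip/Process/proses_login.php",
  "http://localhost/fbip/Process/#proses_login.php",
];
for (const url of samples) {
  const r = decide(url, null);
  console.log(`${url}\n  server sees: GET ${r.target} -> ${r.status}`);
}
```

On a real server the same rule is usually enforced with a session check at the top of every protected script plus directory listing turned off for folders like Process/.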
"the quieter you are, the more you are able to hear.."