Login Page

Not only select statements can be vulnerable to SQL Injection, you can use SQL Injection on INSERT INTO in order to add the admin user to application.

<LOGIN>' or 1-1 -- //

Default Credentials

Google: Default credentials [software name and version]

Brute Force

Intruder with SecLists

Credentials Hunting

Explore web application and search for credentials. Use login as password. Spray every port with found credentials.

PreviousExploit Searching NextOther Pages

Last updated 1 year ago

hashtagSQL Injection to login

hashtagSQL injection to login

hashtagSQL Wildcards to login

hashtagDefault Credentials

hashtagBrute Force

hashtagCredentials Hunting

SQL Injection to login

SQL injection to login

SQL Wildcards to login

Default Credentials

Brute Force

Credentials Hunting