Login Page

Not only select statements can be vulnerable to SQL Injection, you can use SQL Injection on INSERT INTO in order to add the admin user to application.

<LOGIN>' or 1-1 -- //

Default Credentials

Google: Default credentials [software name and version]

Brute Force

Intruder with SecLists

Credentials Hunting

Explore web application and search for credentials. Use login as password. Spray every port with found credentials.

PreviousExploit Searching NextOther Pages

Last updated 1 year ago

SQL Injection to login

SQL injection to login

SQL Wildcards to login

Default Credentials

Brute Force

Credentials Hunting