How to Bypass WordPress Website Login using SQL Injection?

SQL Injection Attack

Table of Content

  • Introduction to SQL Injection
  • Bypass WordPress Website Login using SQL Injection?

What is SQL Injection?

In our previous articles, we have discussed SQL Injection Admin Login Bypass Cheat Sheet. Today we are going to discuss SQL injection weakness. SQL Injection is a poor input validation weakness caused by unsanitized user input.

We have created a login page to reveal the SQL injection vulnerabilitiesIn this blog, we will examine SQL Injection attack under a PHP/MySQL environment. This login page is running on the local webserver.

Now consider the scenario, often you may have seen the username and password field on each shopping site, but sometimes you need to enter your username and password? If any bugs are available on this site, then the hacker can easily take advantage of it? In this article, we will bypass the WordPress website login page with the help of some malicious code using SQL injection.

During the SQL injection attack, if you need a malicious SQL Injection cheat sheet code, then I have already developed a SQL Injection cheat sheet. To get more information, click on the link given below.


Without wasting time, let’s get started to bypass the WordPress website login page. According to the image, we have entered a malicious code in the username and password field, and quickly we got a login failed message. Now we will analyze various methods until the WordPress website login page is bypassed.

admin' or 1=1 "or'

This is our second attempt. If I fail again then, I will check its source code. Let’s jump into the SQL injection cheat sheet website. At this time, we will use the following malicious code.

or 1=1/*

Let’s carefully examine the source code. It is required to check the source code so that we can know, How is the WordPress website login page working.

Notice: How the $username and $password post variable are not sanitized in any way.

Notice: { if ($total == 1)}

if a single row is found matching the required username and password, authentication is granted.

Without wasting time, let’s get started with another SQL injection cheat sheet to bypass WordPress website login page.

admin’ or 1=1LIMIT 1;#

We have cheated the database without real credentials. According to the image, we have entered the target system database. It could be dangerous this attack was only for educational purposes.

Finally, we have scanned the victim’s database. Keep in mind, we should be presented with a valid authenticated session.

Mudasir Abbas Turi

Hi, this is Mudasir Abbas Turi. I am a Full-stack PHP and JavaScript developer with extensive experience in building and maintaining web applications. Skilled in both front-end and back-end development, with a strong background in PHP and JavaScript. Proficient in modern web development frameworks such as Laravel and ReactJS. Proven ability to develop and implement highly interactive user interfaces, and to integrate with various APIs and databases. Strong problem-solving skills and ability to work independently and as part of a team. Passionate about staying up-to-date with the latest technologies and industry trends.

Post a Comment

Previous Post Next Post