Surendra Sharma


Saturday, October 8, 2016

Sitecore database lesson 4 – Hack Sitecore from Database




If you don’t know the Sitecore credentials but have access to the Sitecore database, there is a hacker’s way to log in to any Sitecore user account. For this you must have access to the CORE database of the Sitecore environment.

Sitecore stores all user profile data in the “aspnet_Users” table and all users’ passwords in the “aspnet_Membership” table.
You can run the query below in the CORE database to get all these details:

SELECT au.UserId, au.UserName, am.Password, am.PasswordSalt FROM [dbo].[aspnet_Users] au INNER JOIN [dbo].[aspnet_Membership] am ON au.UserId = am.UserId

When I ran this query in my test environment, I received the result below.

Get Sitecore Passwords
If you know the password of any one user (at least your own), you can set the same password on any other user and log in to their account. Once you finish your work, you can set their original password back as it was.

You can run the query below to set any account’s password to a known password. Here I know the admin password and am now setting the password of user “sitecore\editor1” to the admin password.

Update [dbo].[aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc=', PasswordSalt='OM5gu45RQuJ76itRvkSPFw==' WHERE UserId = 'D44D17F4-C4BD-4A41-841A-CDA3587957B5'

After updating the data I get the result below.

Updated Password
Bingoooooo, now I am able to log in to “sitecore\editor1” with the admin password.

NOTE: You need to update both the Password and PasswordSalt fields. Changing only the Password field will not work.
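An audit query a defender can run against the same two tables to spot this kind of tampering (added here; it is not part of the original post and assumes the standard ASP.NET membership schema that the Sitecore CORE database uses, where every user gets a randomly generated PasswordSalt):

```sql
-- Added detection query (not from the original post). Because PasswordSalt
-- is generated per user, two accounts sharing the same Password AND
-- PasswordSalt should never happen by chance; it is a strong indicator that
-- one account's hash/salt pair was copied onto another, as shown above.
SELECT au.UserName,
       am.Password,
       am.PasswordSalt,
       am.LastPasswordChangedDate
FROM [dbo].[aspnet_Membership] am
INNER JOIN [dbo].[aspnet_Users] au ON au.UserId = am.UserId
WHERE EXISTS (
    SELECT 1
    FROM [dbo].[aspnet_Membership] dup
    WHERE dup.Password = am.Password
      AND dup.PasswordSalt = am.PasswordSalt
      AND dup.UserId <> am.UserId   -- a different account with the same pair
)
ORDER BY am.PasswordSalt, au.UserName;
```

A direct UPDATE like the one above does not touch LastPasswordChangedDate, so a hash that differs from a recent backup while that date is unchanged is a second indicator. The underlying fix is to limit write access to the CORE database to the application account and to alert on ad hoc changes to aspnet_Membership.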

I hope you like this Sitecore database lesson. Stay tuned for more Sitecore database related articles.

Please leave your comments or share this article if it’s useful for you.
