search

Lab: SQL injection vulnerability allowing login bypass

hashtag
Lab: SQL injection vulnerability allowing login bypassarrow-up-right

hashtag
Solution: 

administrator'-- -

This lab contains an SQL injectionarrow-up-right vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

hashtag
Steps:

  1. Visit: https://YOUR-SESSION.web-security-academy.net/loginarrow-up-right

  2. try to inject test' and test' in the user and password.

  4. so try to inject in username with administrator and ignore the password field

What happened in the backend:

PreviousLab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataNextLab: SQL injection UNION attack, determining the number of columns returned by the query

Last updated