Lab: SQL injection vulnerability allowing login bypass
Solution:
administrator'-- -This lab contains an SQL injection vulnerability in the login function.
To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.
Steps:
try to inject test' and test' in the user and password.
so try to inject in username with administrator and ignore the password field
What happened in the backend:
PreviousLab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden dataNextLab: SQL injection UNION attack, determining the number of columns returned by the query
Last updated