SQL injection vulnerability allowing login bypass - KA4KA4/PortSwigger-SQL-injection-Labs GitHub Wiki

Hello, let's start solving the lab.

Open the lab and go to My account.


This lab targets the login page, because it may be vulnerable if the developer does not limit and filter input from the user.

In this lab we need to break the query to bypass the login page, and at the same time we don't know the username. The payload '-- breaks the query after the username is added: the ' closes the string value, and "--" is a comment that tells the database this is the end of the query.

The syntax will look like this: administrator'--


Note: if the attacker does not add a username and enters only '-- the database will respond with the first user in the database.

thank you 💯