SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/sql-injection-apprentice/sql-injection/lab-login-bypass

Description

This lab contains a SQL injection vulnerability in the login function.

To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.

Solution

We need to log in as the administrator user. First, try a random password such as `password`; as expected, the login is rejected.

Capturing the login request and appending the URL-encoded payload '-- to the administrator username value bypasses the login and solves the lab. The single quote closes the username string literal and -- comments out the remainder of the query, so the password comparison is never evaluated.
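To show why the comment sequence removes the password check, and what the fix looks like, here is an added example (not part of the lab or this write-up) that runs the same login query in its concatenated and parameterized forms against an in-memory SQLite table; the users and passwords are constructed sample data.

```python
import sqlite3

# Added example: an in-memory SQLite table with constructed sample users
# stands in for the lab's user store. Credentials here are made up.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("administrator", "constructed-admin-password"),
        ("wiener", "peter"),
    ])
    return conn

def login_vulnerable(conn, username, password):
    """Query built by string concatenation, the pattern the lab exercises.
    With username "administrator'--" the quote closes the string literal
    and -- comments out the rest, so the password check never runs."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    """Hardened form: bound parameters keep the input as data, so the
    quote and comment sequence are compared literally, never parsed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def compare(username, password):
    """Run both versions on a fresh database; returns (vulnerable, hardened)."""
    conn = build_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))

if __name__ == "__main__":
    print(compare("administrator'--", "wrong-password"))  # ('administrator', None)
    print(compare("wiener", "peter"))                     # ('wiener', 'wiener')
```

The concatenated version authenticates as administrator with a wrong password, while the parameterized version treats the whole input as a username that does not exist.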
