SQL injection vulnerability allowing login bypass
https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice/sql-injection-apprentice/sql-injection/lab-login-bypass
Description
This lab contains a SQL injection vulnerability in the login function.
To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Solution

We need to log in as the administrator user, so we first try a random password such as "password", which is of course wrong.

Capturing the request and adding the URL-encoded payload '-- after the administrator value lets us bypass the login and solve the lab.
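Why the '-- value bypasses the password check, and how a parameterized query stops it, shown as an added example that is not the lab's own code. It assumes the login query is built by string concatenation; the table schema, the stored password and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table (assumed schema, not the lab's).
    # Plaintext password only to keep the example short; real stores hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('administrator', 'constructed-secret')")
    return db


def login_concat(db, username, password):
    # Vulnerable form: input is spliced into the SQL text. A quote in the
    # username closes the string literal, and "--" turns the rest of the
    # statement, including the password comparison, into a comment.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_param(db, username, password):
    # Hardened form: placeholders send the input as data, so the quote and
    # "--" are compared literally against the username column.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def compare(username, password):
    # Run the same credentials through both forms and return both results.
    db = make_db()
    return {
        "concatenated": login_concat(db, username, password),
        "parameterized": login_param(db, username, password),
    }


if __name__ == "__main__":
    # Wrong password, unmodified username: both forms reject.
    print(compare("administrator", "password"))
    # Username value from the write-up: only the concatenated form accepts.
    print(compare("administrator'--", "password"))
    # Correct credentials: both forms accept.
    print(compare("administrator", "constructed-secret"))
```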

