SQLi Login Bypass

Lab 7: SQL Injection - Using SQLi to Bypass Authentication

Go to the login page form at https://127.0.0.1/index.php?page=login.php

and check whether the form is vulnerable to SQL injection by submitting a 'broken payload' for SQL, such as a single quote ('):

Very good, this is a typical MySQL error message, which shows that the quote reached the SQL statement unescaped. We can then inject a malicious payload, ' OR 1=1 -- , as the username to bypass the login:

and log in as admin:
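
Why the single quote errors and why ' OR 1=1 -- logs in, shown next to the parameterized fix. This is an added example, not code from the lab application: Python's sqlite3 stands in for the lab's PHP/MySQL login, and the accounts table, its rows and the function names are assumptions constructed for the demo.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    # Plaintext passwords only keep the demo short; store hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, username, password):
    # Input is concatenated into the SQL text, so a quote in the input
    # changes the structure of the statement itself.
    sql = ("SELECT username FROM accounts WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        # A lone quote unbalances the string literals: the syntax error
        # seen in the lab's first step.
        return "SQL error: " + str(exc)
    # With ' OR 1=1 -- the WHERE clause is always true and the password
    # check is commented out, so the first row (admin) comes back.
    return row[0] if row else None

def login_safe(db, username, password):
    # Placeholders send the values separately from the SQL text, so the
    # payload is compared as a literal username and matches nothing.
    sql = "SELECT username FROM accounts WHERE username=? AND password=?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    for user in ("'", "' OR 1=1 -- ", "admin"):
        print(repr(user),
              "| vulnerable:", login_vulnerable(db, user, "x"),
              "| safe:", login_safe(db, user, "x"))
```

In the lab's PHP code the equivalent fix is a prepared statement with bound parameters (PDO or mysqli) in place of string concatenation.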
