SQL injection vulnerability allowing login bypass
https://portswigger.net/web-security/sql-injection/lab-login-bypass
Level: Apprentice
How can we bypass the login abusing SQLi?
Usually, you will test to bypass a login page using the following injected parameters.
What you are doing is commenting the rest of the query to login as a valid user and don't valid the password.
Last updated