Web Security Academy ~ SQLi (Lab #2) ⚙️

2 years ago

59

web security academy burp suite portswigger sqli

If the query returns the details of a user, then the login is successful. Otherwise, it is rejected.

In this lab an attacker can log in as any user without a password simply by using the SQL comment sequence -- (double-dash) to remove the password check from the WHERE clause of the query.

By submitting the username administrator'-- the password results in the following query:
SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
Ignoring the password field, because it comes after the comment sequence (double-dash)

This query returns the user whose username is administrator and successfully logs the attacker in as that user.

💙💙💙💙💙💙💙💙💙💙💙💙
FREE CYBER SECURITY LEARNING RESOURCES :

The Cyber Mentor --- https://academy.tcm-sec.com
Nathan House --- https://www.stationx.net
John Hammond --- https://johnhammond.org
Loi Liang --- https://loiliangyang.com
HackerSploit --- https://hackersploit.org
David Bombal --- https://davidbombal.com
Professor Messer --- https://www.professormesser.com
w3schools --- https://www.w3schools.com

#hacktolearn #websecurityacademy #sqli #commentsequence #doubledash

Loading comments...

Comments