ScrollUnlock

Lab 2 : SQL injection vulnerability allowing login bypass

Problem Statement :

This lab contains an SQL injection vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

Access the lab

Solution:

  1. Click MyAccount and it will show you the login page.

Next –

–> Type username as = ‘ OR 1=1–

–> type any password

Next I am logged in

Understanding the Solution :

Understand this query – The reason it is doing SELECT COUNT (*) here is to check how many of them exist. It will just return integer 1 or 0

If the values are true it will log in the user.

Lets add single quote and or 1=1 — at the end of the user name

UserName = Johnsmith’ OR 1=1–

This is how it looks in the query.

Response

  1. Solving SQL Injection Lab’s from PortSwigger | Scroll Unlock Avatar
    Solving SQL Injection Lab’s from PortSwigger | Scroll Unlock

    […] Lab 2 : SQL injection vulnerability allowing login bypass […]

    Like

    Reply

Leave a comment

From the blog

About the author

Sophia Bennett is an art historian and freelance writer with a passion for exploring the intersections between nature, symbolism, and artistic expression. With a background in Renaissance and modern art, Sophia enjoys uncovering the hidden meanings behind iconic works and sharing her insights with art lovers of all levels. When she’s not visiting museums or researching the latest trends in contemporary art, you can find her hiking in the countryside, always chasing the next rainbow.