
Hey! It's OK to see the failure and how the injection occurs, but can you include the solution?
And can you include new chapters with a new SQL injection method in every chapter?

thanks in advance!

tobi • 2 years ago

Please dockerize this code. Thank you.

Andrew S. • 1 year ago

This is a very good explanation of a SQL injection. If you were to have more than one user, one way to log into a random user would be where both the username and password were inputted as the value

unknown' or '1'='1

then it finds every combination of stored password and user in the system until it finds the first matching one. Also, one nice thing to do would be to provide a way to prevent SQL injections in real cases; this will help everyone here.

zedxin • 5 years ago

Try these, some basic login field injections.
username: 'or' 1=1
password: 'or' 1=1

username: 1' 1=1 --
password: anything

To understand these at a very basic level visit http://sechow.com/bricks/do...