
Commit 769b300

SQLi Auth Bypass fix example
1 parent d8e749c commit 769b300

File tree

1 file changed

+7
-4
lines changed


SQL Injection/README.md

Lines changed: 7 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -136,18 +136,21 @@ SELECT * FROM users WHERE username = 'user' AND password = 'pass';
136136
An attacker can attempt to inject malicious SQL code into the username or password fields. For instance, if the attacker types the following in the username field:
137137

138138
```sql
139-
' OR '1'='1
139+
' OR '1'='1'--
140140
```
141141

142-
And leaves the password field empty, the resulting SQL query executed might look like this:
142+
This payload is injecting an always true statement into the username field and comment the rest SQL query.
143+
The attacker can write anything in the password field because the resulting SQL query will not check it anymore.
143144

144145
```SQL
145-
SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '';
146+
SELECT * FROM users WHERE username = '' OR '1'='1'--' AND password = '';
146147
```
147148

148149
Here, `'1'='1'` is always true, which means the query could return a valid user, effectively bypassing the authentication check.
149150

150-
:warning: In this case, the database will return an array of results because it will match every users in the table. This will produce an error in the server side since it was expecting only one result. By adding a `LIMIT` clause, you can restrict the number of rows returned by the query. By submitting the following payload in the username field, you will log in as the first user in the database. Additionally, you can inject a payload in the password field while using the correct username to target a specific user.
151+
:warning: In this case, the database will return an array of results because it will match every users in the table. This will produce an error in the server side since it was expecting only one result. By adding a `LIMIT` clause, you can restrict the number of rows returned by the query.
152+
153+
By submitting the following payload in the username field, you will log in as the first user in the database. Additionally, you can inject a payload in the password field while using the correct username to target a specific user.
151154

152155
```sql
153156
' or 1=1 limit 1 --
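Review bot: the comment marker in the new payload on the `139+` line, `' OR '1'='1'--`, should carry a trailing space (`' OR '1'='1' -- `) so it matches the `' or 1=1 limit 1 --` payload at the end of the hunk; MySQL only treats `--` as a comment when it is followed by whitespace, so the payload as written is unreliable there. Switching to a comment is the right fix, because `AND` binds tighter than `OR` and the removed form `'' OR '1'='1' AND password = ''` only matches rows with an empty password; the new explanatory sentence on the `142+` line would be stronger if it said so, and it needs a grammar pass ("injects an always-true condition into the username field and comments out the rest of the SQL query"). The `:warning:` paragraph also asserts that multiple matching rows "will produce an error in the server side"; whether that happens depends on how the application consumes the result set, so "may cause an error" is the safer wording.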
