Homework Sourse Homework Sourse

Suppose a login page has a user and password field and which

Suppose a login page has a user and password field and which uses the following database query to validate the user and password.

Show what string(s) you can use in the user and password fields to guarantee access to the database.

Solution

$user -> \'0 or 1=1\'

$pass -> \'0 or 1=1\'

Explanation

This means ((either email =0 or 1=1) and (either pass = 0 or 1=1))

1=1 is always true. So, this condition will be passed all the time.

The validation will be skipped for email and pass as well since 1=1 is already passed.

This way when we add 1=1 with or in the input string, it will guarantee access and it is known as SQL Injection.

Suppose a login page has a user and password field and which uses the following database query to validate the user and password. Show what string(s) you can u

Get Help Now

Submit a Take Down Notice
Tutor
Tutor: Dr Jack
Most rated tutor on our site