2023/07/22 1:44PM
This lab contains a SQL injection vulnerability in the login function. To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Once the lab is loaded, we are greeted with a shopping website.
The website has some login functionality. To solve the lab we need to perform SQL injection to log in as administrator, so let's focus on the login functionality.
A common SQL query for websites to use is the following:
SELECT * FROM users WHERE username = 'administrator' AND password = 'shelled123!'
To log in as the administrator we can comment out the "AND password = 'shelled123!'" part, so that the query only checks the username.
SELECT * FROM users WHERE username = 'administrator'-- AND password = 'shelled123!'