Go ahead and try logging in with the following credentials:
Okay, so guessing the password didn't work. Let's try adding a quote character after the password:
Enter the following credentials and click "Log in":
' or 1=1--
Here are the application logs. Watch what happens here when you interact with the vulnerable application.
The logs show a SQL syntax error. This indicates that the quote character messed something up in an unexpected way.
SELECT * FROM users WHERE email = '#email#' AND pass = '#password#' LIMIT 1
This is what the application code looks like behind the scenes. Let's watch how the SQL code gets built as you enter your login details.
The quote is inserted directly into the SQL string, and terminates the query early. This is what caused the syntax error we saw in the logs.
This behavior indicates that the application might be vulnerable to SQL injection.
The -- characters you entered caused the database to ignore the rest of the SQL statement, allowing you to be authenticated without having to supply the real password.
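The query construction described above, next to a parameterized version, as an added example that is not the application's own code. It assumes Python's sqlite3 module and a constructed users table; the function names and sample account are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data shaped like the query on this page.
    # The plaintext password only mirrors that query's "pass" column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('user@example.com', 'correct-horse')")
    return db

def build_query(email, password):
    # Vulnerable: user input is pasted straight into the SQL string.
    return ("SELECT * FROM users WHERE email = '" + email +
            "' AND pass = '" + password + "' LIMIT 1")

def login_vulnerable(db, email, password):
    """Return (authenticated, error) for the string-built query."""
    try:
        row = db.execute(build_query(email, password)).fetchone()
        return row is not None, None
    except sqlite3.Error as exc:
        # This is the syntax error that shows up in the application logs.
        return False, str(exc)

def login_parameterized(db, email, password):
    # Fixed: placeholders bind input as data, so a quote or "--" in the
    # password is compared as text and never parsed as SQL.
    row = db.execute(
        "SELECT * FROM users WHERE email = ? AND pass = ? LIMIT 1",
        (email, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    for pw in ("guess", "guess'", "' or 1=1--", "correct-horse"):
        print(repr(pw))
        print("  built query  :", build_query("user@example.com", pw))
        print("  vulnerable   :", login_vulnerable(db, "user@example.com", pw))
        print("  parameterized:", login_parameterized(db, "user@example.com", pw))
```

Running it prints the built SQL for each password, so the stray quote and the commented-out tail of the statement are visible in the same way as in the walkthrough.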