Sqlite3

Simple Login Bypass

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

The most Basic SQL injection ever

Try to find a way to login as the admin.

Goal: is_valid_password = 1

Solution

Read the solution
expand_more

$pass = ' OR '1

Explanation

By using a single quote, we can evade the string context where is injection take place and inject extra SQL expressions.

To bypass the login the boolean operator OR to do the job. Here we used OR '1' as it evaluate to true.

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result