Post

SQL Injection — Login Bypass

Problem Statement: Exploit a vulnerable login form in a training web app.

Approach:

  1. Inspect login POST request with Burp Suite.
  2. Inject ' OR '1'='1 payload to bypass login.
  3. Extracted a username safely from the test database.

Tools Used: Burp Suite, sqlmap, local test DB

Lessons Learned: Parameterized queries prevent SQL injection; never build SQL with unsanitized input.

This post is licensed under CC BY 4.0 by the author.