Lead
-
Posts
3 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Lead
-
-
The SQL query would become:
SELECT * FROM users WHERE username = 'john' AND password = '' OR '1'='1';
Because
'1'='1'
is always true, the query effectively bypasses the password check, allowing the attacker to log in as any user!
SecHub
in Announcements & News
Posted
Welcome to SecHub.
This is a forum where you can learn about everything.