Lead Posted October 11 Share Posted October 11 The SQL query would become: SELECT * FROM users WHERE username = 'john' AND password = '' OR '1'='1'; Because '1'='1' is always true, the query effectively bypasses the password check, allowing the attacker to log in as any user! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now