https://portswigger.net/web-security/sql-injection/lab-login-bypass

Info about the lab:

This lab contains a SQL injection vulnerability in the login function.

To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.

Steps to solve the lab:

  1. We know we need to test whether the login function is vulnerable.


In the body of the request we notice the username and password parameters.

SELECT * FROM users WHERE username = 'administrator' AND password = 'admin'

This is the query sent to the database.

  2. We don't have the password, so we need to log in by bypassing the password check.
  3. We will use → '-- in the username: the quote closes the username string and -- starts a comment, so the password parameter is ignored.


SELECT * FROM users WHERE username = 'administrator'--' AND password = 'admin'


🎉 Congrats! You’ve solved the lab! 🎉