Lab #2 SQL injection vulnerability allowing login bypass

In this video, we cover lab #2 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the login function. To solve the lab, we perform a SQL injection attack that bypasses authentication and allows us to log into the application as the administrator user.


🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-02/sqli-lab-02.py

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/sql-injection/lab-02/notes.txt

Web Security Academy Lab Exercise: https://portswigger.net/web-security/sql-injection/lab-login-bypass

Rana's Twitter account: https://twitter.com/rana__khalil