When a query is built by concatenating user input with SQL code, the application is vulnerable to SQL injection.
We consider the credential-check case studied in class: the query checks that the credentials match, and only in that case is the user allowed to log in.
The query is composed as the concatenation of strings and variables containing user input:
"SELECT mail, password FROM users WHERE mail = '" + Mail + "' AND password = '" + Password + "'"
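As an added illustration (not part of the course material or its Docker container), the following Python script builds the same query two ways: by string concatenation, exactly as above, and with a parameterized query. It uses an in-memory SQLite table with constructed sample rows and, like the exercise site, returns the whole query text when the database reports an error. An input containing a single quote (a legal character in mail addresses) is enough to show the difference: the concatenated version lets that quote change the SQL text, so the database sees a malformed statement, while the parameterized version treats the same input as plain data and matches the row. The table name, column names, and sample credentials are assumptions chosen to mirror the query on the page.

```python
import sqlite3

# Constructed sample data, not the exercise's real database. Plaintext passwords
# are kept only because the page's query compares them directly.
SAMPLE_USERS = [
    ("task1@example.test", "letmein"),
    ("o'brien@example.test", "secret"),   # mail address containing a single quote
]


def make_db():
    """Create an in-memory users(mail, password) table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (mail TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_query_vulnerable(mail, password):
    """The pattern from the page: SQL text and untrusted input glued together."""
    return ("SELECT mail, password FROM users WHERE mail = '" + mail
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, mail, password):
    """Returns (authenticated, query_text, error_message).

    Mirrors the exercise site's behaviour: on a database error the whole
    query is handed back so the reader can see what the database received.
    """
    query = build_query_vulnerable(mail, password)
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        return False, query, str(exc)
    return row is not None, query, None


def login_parameterized(conn, mail, password):
    """Hardened form: placeholders keep the SQL text fixed; input is bound as data."""
    query = "SELECT mail, password FROM users WHERE mail = ? AND password = ?"
    row = conn.execute(query, (mail, password)).fetchone()
    return row is not None


def run_demo():
    """Run both login variants against the sample table and collect the outcomes."""
    conn = make_db()
    results = {}

    # Well-formed input: both variants agree.
    ok, _, err = login_vulnerable(conn, "task1@example.test", "letmein")
    results["vuln_valid"] = ok and err is None
    results["param_valid"] = login_parameterized(conn, "task1@example.test", "letmein")

    # Input with a single quote: the concatenated query is no longer valid SQL,
    # so the database raises an error and the dumped query shows the raw input.
    ok, query, err = login_vulnerable(conn, "o'brien@example.test", "secret")
    results["vuln_quote_ok"] = ok
    results["vuln_quote_error"] = err is not None
    results["vuln_quote_query"] = query

    # The parameterized query handles the same input as data and finds the row.
    results["param_quote_ok"] = login_parameterized(conn, "o'brien@example.test", "secret")

    # Wrong password is rejected by the hardened variant.
    results["param_wrong_pw"] = login_parameterized(conn, "task1@example.test", "wrong")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the script prints the dumped query for the quoted address, which is the same kind of output the exercise site shows on error; comparing it with the fixed query text of the parameterized version makes clear why placeholders, rather than input filtering, are the recommended fix.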
Exercise
Start the Docker container and let it run in a terminal. Go to the vulnerable site (Username: task1, Password: letmein) and try the simple in-band attacks presented in class in order to bypass authentication.
Notice that, in case of an error, we dump the whole query so that you can understand what is going on.