Task 1: simple injections

When a query is composed by simply appending user input to SQL code simple injections are possible.

We consider the case of credential check studied in class: the query checks that credentials match and only in that case the user can log in.

The query is composed as

"SELECT mail, password FROM users WHERE mail = '" + Mail + "' AND password = '" + Password + "'"

Exercise

Go the vulnerable site (Username: task1 , Password: letmein) and try the simple “in-band” attacks presented in class in order to bypass authentication.

Notice that in case of an error we dump the whole query to let you understand what is going on.