When a query is composed by simply appending user input to SQL code, simple injections are possible.
We consider the credential check studied in class: the query checks that the credentials match, and only in that case can the user log in.
The query is composed as:
"SELECT mail, password FROM users WHERE mail = '" + Mail + "' AND password = '" + Password + "'"
Go to the vulnerable site (Username: task1, Password: letmein) and try the simple “in-band” attacks presented in class in order to bypass authentication.
Notice that in case of an error we dump the whole query to let you understand what is going on.
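The following is an added example, not code from the course or the exercise site: it shows why the concatenated query treats input as SQL text, and the parameterized form that fixes it. The in-memory SQLite database, the sample rows and the function names are assumptions made for illustration; only the table and column names come from the query above.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and columns follow the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (mail TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice@example.com", "s3cret"),
                    ("o'hara@example.com", "hunter2")])
    return db

def build_query(mail, password):
    # Same composition as on the page: input becomes part of the SQL text.
    return ("SELECT mail, password FROM users WHERE mail = '" + mail +
            "' AND password = '" + password + "'")

def login_concat(db, mail, password):
    # Vulnerable form: a quote in the input ends the string literal early.
    query = build_query(mail, password)
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error as exc:
        # Mirrors the exercise site, which dumps the query on error.
        raise RuntimeError(f"{exc}; query was: {query}") from exc

def login_param(db, mail, password):
    # Hardened form: the SQL text is fixed and the values are bound as data,
    # so quotes in the input can never change the structure of the query.
    row = db.execute(
        "SELECT mail, password FROM users WHERE mail = ? AND password = ?",
        (mail, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    # A legitimate address containing an apostrophe works when bound as data...
    print(login_param(db, "o'hara@example.com", "hunter2"))
    # ...but breaks the concatenated query, because the quote is parsed as SQL.
    try:
        login_concat(db, "o'hara@example.com", "hunter2")
    except RuntimeError as exc:
        print(exc)
```

The error raised by the concatenated version for a harmless apostrophe is the same signal the site's query dump exposes: the input is being parsed as part of the statement rather than as a value.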