Back to SQLi

SQLi 00: Login Bypass

Goal: become admin without knowing the real admin password.

Hints
  • The application concatenates both username and password into one SQL query.
  • Try turning the WHERE clause into something always true.
  • The role check only happens after the query already returned a row.
Why this works

When user input is appended directly into SQL, attackers can change boolean logic in the WHERE clause and bypass authentication.