By-Pass authentication using SQL Injection

Take a guess

Before hacking the system shown, just try to guess a user name and password (bill and ben, for example). Unless you are very lucky, you will not get into the system.

Force an Error

If you enter a string with a single quote in it, such as O'Brien, for either user name or password, you will get a Software Error because the resulting SQL is invalid and cannot be parsed.

Force Entry

If you enter the string ' OR ''=' as both user name and password you can ensure that the WHERE clause always returns true. Without knowing any user names or passwords you can by-pass the log in screen. In this example you get the user name of the first person in the table.

The magic string works because the program evaluates:

SELECT name from users WHERE name='name' AND password='password'

as the 'always true' string:

SELECT name from users WHERE name='' OR ''='' AND password='' OR ''=''
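The same three steps can be reproduced locally, with the string-built query beside a parameterized version that treats the input purely as data. This is an added example, not code from the system shown; it assumes Python's sqlite3 module, and the table contents and the function names login_concat and login_param are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    """Vulnerable: user input is pasted into the SQL text, as on the page."""
    sql = ("SELECT name from users WHERE name='" + name +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The "Software Error" case: a stray quote makes the SQL unparseable.
        return "error: " + str(exc)
    return row[0] if row else None

def login_param(db, name, password):
    """Hardened: placeholders bind input as values, never as SQL syntax."""
    row = db.execute(
        "SELECT name from users WHERE name=? AND password=?",
        (name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    magic = "' OR ''='"
    # AND binds tighter than OR, so the injected WHERE clause reads
    #   name='' OR (''='' AND password='') OR ''=''
    # and the final ''='' makes it true for every row.
    for fn in (login_concat, login_param):
        print(fn.__name__)
        print("  bill / ben     ->", fn(db, "bill", "ben"))
        print("  O'Brien        ->", fn(db, "O'Brien", "x"))
        print("  magic string   ->", fn(db, magic, magic))
        print("  alice / s3cret ->", fn(db, "alice", "s3cret"))
```

With the parameterized query, O'Brien and the magic string are simply names that match no row, so neither the error nor the by-pass occurs.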