June 12, 2026
SQL Injection 2 (APPRENTICE)
Lab 2 - SQL injection vulnerability allowing login bypass.
Nadia
This lab contains a SQL injection vulnerability in the login function. To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Solution
- Step 1: Click the orange "Access the Lab" button on the home page.
- Step 2: After that, you will be directed to the lab's website, then select "My Account," and you will see the login page with fields for your username and password.
- Step 3: First, you need to understand how a standard login query works: SELECT firstname FROM users WHERE username = 'admin' AND password = 'admin'. This means that both conditions (username and password) must be correct for the login to succeed.
Next, perform an input test using single quotes: enter a single quote (') in the username field and enter a random password, then click "Login."
- Step 4: The result can be seen in the following image: the page displays an internal server error. This indicates that the website is vulnerable to SQL injection, because user input is inserted directly into the query without being sanitized. The formed query is SELECT firstname FROM users WHERE username = ''' AND password = 'admin'.
- Step 5: Next, perform a comment injection test by entering (' -- ) in the username field and a random password. However, the result is still an internal server error because the username is still incorrect. The resulting query is SELECT firstname FROM users WHERE username = ''' --' AND password = 'admin'.
- Step 6: Now try entering (administrator' -- ) in the username field and a random password, and the resulting query will be SELECT firstname FROM users WHERE username = 'administrator' -- ' AND password = 'admin'. The -- sequence starts a comment in SQL, so the conditions following -- will be completely ignored. Therefore, the active query is SELECT firstname FROM users WHERE username = 'administrator'.
As shown in the image below, after clicking the Log In button, the message "Your username is: administrator" will appear on the My Account page, which means you have successfully logged in as an administrator.
- Step 7: Congratulations, the lab is solved.
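Why the inputs from Steps 3 and 6 behave as they do, and how a parameterized query closes the hole, as an added example that is not part of the original walkthrough or the lab's own code. It assumes an in-memory SQLite table with constructed data standing in for the lab's unknown backend; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the query quoted
    # in the walkthrough. Plaintext password only to mirror that query; real
    # systems store and compare password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (firstname TEXT, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('Admin', 'administrator', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Input is concatenated into the SQL text, so a quote or -- in the input
    # becomes part of the statement instead of part of the value.
    query = ("SELECT firstname FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.OperationalError:
        return "error"  # unbalanced quote: comparable to the server error in Step 4
    return "logged in" if row else "rejected"

def login_parameterized(db, username, password):
    # Placeholders pass the input as data; it is never parsed as SQL.
    query = "SELECT firstname FROM users WHERE username = ? AND password = ?"
    row = db.execute(query, (username, password)).fetchone()
    return "logged in" if row else "rejected"

def compare(usernames, password="random"):
    # Returns {username: (vulnerable result, parameterized result)}.
    db = make_db()
    return {u: (login_vulnerable(db, u, password),
                login_parameterized(db, u, password)) for u in usernames}

if __name__ == "__main__":
    for user, result in compare(["'", "administrator' -- ", "administrator"]).items():
        print(repr(user), result)
```

With the parameterized version, the same three usernames are all rejected unless the correct password is supplied.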