2 Lab SQL injection vulnerability allowing login bypass
- navigate to login page
- fire up [[burp]] suite
- Open [[burp]]
- open [[burp]] browser
- Proxy tab
- Intercept tab
- turn intercept on
- Intercept tab
- enter a generic username and password
- allow [[burp]] to intercept
- change the `username` parameter, giving it the value `administrator'--`
- click forward
- should be logged in as administrator