1. Stage 1
Stage 1: Use String SQL Injection to bypass authentication. Use SQL injection to log in as the boss ('Neville') without using the correct password. Verify that Neville's profile can be viewed and that all functions are available (including Search, Create, and Delete).
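Use the Tamper Data tool to intercept the request, then enter the injection string in the intercepted Password field.
Injection string: x' or '1'='1
The result is as follows: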
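Why the injection string changes the query, and how a parameterized query stops it, shown as an added example that is not part of the original page or of WebGoat's code. The `employee` table, its columns, the sample passwords and the function names are assumptions constructed for illustration.

```python
import sqlite3

PAYLOAD = "x' or '1'='1"  # the injection string from the walkthrough


def make_db():
    # Constructed sample data; the schema is an assumption, not WebGoat's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (userid INTEGER, name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO employee VALUES (?, ?, ?)",
        [(111, "Larry", "larry-pw"), (112, "Neville", "neville-pw")],
    )
    return db


def login_vulnerable(db, userid, password):
    # The password is concatenated into the SQL text, so a quote inside it
    # closes the string literal and the rest is parsed as SQL.
    # With PAYLOAD the WHERE clause becomes:
    #   userid = 112 AND password = 'x' or '1'='1'
    # AND binds tighter than OR, so the always-true '1'='1' matches every row.
    query = (
        "SELECT name FROM employee WHERE userid = " + str(int(userid))
        + " AND password = '" + password + "' ORDER BY userid"
    )
    return [row[0] for row in db.execute(query)]


def login_parameterized(db, userid, password):
    # Placeholders send the password as data; the quote never reaches the parser.
    query = ("SELECT name FROM employee "
             "WHERE userid = ? AND password = ? ORDER BY userid")
    return [row[0] for row in db.execute(query, (int(userid), password))]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:    ", login_vulnerable(db, 112, PAYLOAD))
    print("parameterized, payload: ", login_parameterized(db, 112, PAYLOAD))
    print("parameterized, real pw: ", login_parameterized(db, 112, "neville-pw"))
```

An application that treats any returned row as a successful login accepts the concatenated version; the parameterized version returns no rows for the same input.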