BASIC SQL INJECTION

In this article I'll explain about the principle how to attack the website via SQL injection and I use mutillidae to try this attack.

 

First try to enter a single quote to confound the sql query logical

Now we found the sql query from the error

Then we can confound the sql query logical to bypass the log in form cause the value of name and password are true

 

Now we loged in as admin