LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

How does SQL injection enable authentication bypass?

By injecting SQL that makes the login query return a user row without a valid password — e.g. commenting out the password check ('--) or appending OR USERNAME='admin'.

SQLi auth bypass: input concatenated into the query (Bob'--) comments out the password check, returning a row.

* SQL injection auth bypass — input concatenated into the query becomes code: Bob'-- comments out the password check, so the attacker is logged in. *

Given this vulnerable query:

SELECT USERNAME FROM USER
WHERE USERNAME='[input1]' AND PASSWORD='[input2]'

Attack 1: Set input1 to Bob'--

WHERE USERNAME='Bob'-- ' AND PASSWORD='x'

The -- comments out password check, returns "Bob".

Attack 2: Set input2 to x' OR USERNAME='admin

WHERE USERNAME='Bob' AND PASSWORD='x' OR USERNAME='admin'

Returns "admin" without knowing the password.

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026