Quiz Entry - updated: 2026.06.20
How does SQL injection enable authentication bypass?
By injecting SQL that makes the login query return a user row without a valid password — e.g. commenting out the password check ('--) or appending OR USERNAME='admin'.
* SQL injection auth bypass — input concatenated into the query becomes code: Bob'-- comments out the password check, so the attacker is logged in. *
Given this vulnerable query:
SELECT USERNAME FROM USER
WHERE USERNAME='[input1]' AND PASSWORD='[input2]'
Attack 1: Set input1 to Bob'--
WHERE USERNAME='Bob'-- ' AND PASSWORD='x'
The -- comments out password check, returns "Bob".
Attack 2: Set input2 to x' OR USERNAME='admin
WHERE USERNAME='Bob' AND PASSWORD='x' OR USERNAME='admin'
Returns "admin" without knowing the password.