Principle

When logging into an application, the credentials you provide are checked against the credentials stored in the database. If you submit the username "administrator" and the password "bluecheese", the corresponding SQL query would be

SELECT * FROM users WHERE username = 'administrator' AND password = 'bluecheese'

However, if the username is inserted directly into the query string, we can subvert the password check by placing the SQL comment indicator -- after the username. Everything after it is treated as a comment, so the password clause is never evaluated and you are logged in as the user named "administrator". The query the database actually runs is

SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
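The following is an added example, not part of the original text: it builds a throwaway in-memory SQLite table with the single user from the text (constructed sample data), runs the login query exactly as written above by string concatenation, and then runs the same check as a parameterised query. With placeholders the driver passes the username as data, so the quote and the -- inside it are compared literally against the column rather than interpreted as SQL syntax. The function names and the use of sqlite3 are assumptions made for the example, not anything from the original page.

```python
import sqlite3


def build_db():
    # Constructed sample database: one user, matching the example in the text.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('administrator', 'bluecheese')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Query built by string concatenation, exactly as in the text. The driver
    # cannot tell user input apart from SQL, so a quote followed by -- ends the
    # string literal and comments out the rest of the WHERE clause.
    query = (
        f"SELECT * FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    # Parameterised query: the SQL text is fixed and the values travel
    # separately, so quotes and comment markers inside them are just characters.
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, valid creds:   ", login_vulnerable(db, "administrator", "bluecheese"))
    print("vulnerable, injected name: ", login_vulnerable(db, "administrator'--", ""))
    print("parameterised, valid creds:", login_safe(db, "administrator", "bluecheese"))
    print("parameterised, injected:   ", login_safe(db, "administrator'--", ""))
```

Running the block shows the concatenated version accepting the commented-out query with an empty password, while the parameterised version rejects it because no row has the literal username administrator'--. The fix to look for in a code review is therefore the placeholder form, not input filtering.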
