Performing SQL injection
When a web page performs a search for data in the system, the URL query parameters will likely be the entry point that defines the behaviour of the query.
For instance, take a shop and visit the URL: https://myshop.com/category1=mycategory
In a second step, modify the URL and set it to https://myshop.com/category1='or 1=1--
This is how a web attacker will attempt to trick the SQL filter into performing an unwanted filter.
Penetrating a login form
The idea for gaining access through a login form is to attempt to bypass the password verification. To do this, we can inject SQL that only validates the user and ensures the SQL ignores what comes after the username.
For instance, change the username to admin'-- and set a random password.
The query submitted will be something like: select * from users where username='admin';
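
The two inputs described above (the category search and the login form), run against string-built queries and against parameterized ones, as an added example that is not part of the original page. The schema, sample rows and function names are assumptions, the data is constructed, and an in-memory SQLite database stands in for the shop's database.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumed schema), held in memory only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-password');
        CREATE TABLE products (name TEXT, category TEXT);
        INSERT INTO products VALUES ('lamp', 'mycategory'), ('desk', 'other');
    """)
    return db

def search_vulnerable(db, category):
    # Concatenation: the input becomes SQL text, so a quote closes the
    # literal and "or 1=1" makes the WHERE clause true for every row.
    sql = "SELECT name FROM products WHERE category='" + category + "'"
    return sorted(row[0] for row in db.execute(sql))

def search_safe(db, category):
    # Placeholder: the driver binds the input as a value, never as SQL.
    sql = "SELECT name FROM products WHERE category=?"
    return sorted(row[0] for row in db.execute(sql, (category,)))

def login_vulnerable(db, username, password):
    # "--" starts a comment, so the password check after it never runs.
    sql = ("SELECT 1 FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Same check with bound parameters: the whole input is the username.
    sql = "SELECT 1 FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for value in ("mycategory", "'or 1=1--"):  # inputs taken from the text
        print(repr(value), search_vulnerable(db, value), search_safe(db, value))
    for user in ("admin", "admin'--"):
        print(repr(user), login_vulnerable(db, user, "random"),
              login_safe(db, user, "random"))
```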