admin' OR '1'='1 Password: anything
This works because the query becomes:
But if comments or spaces are limited, try: Sql Injection Challenge 5 Security Shepherd
Security Shepherd – SQL Injection Challenge 5 Objective Log in as the administrator ( admin ) without knowing the password. The application likely filters or blocks common SQL injection patterns, so a more subtle payload is required. Scenario Overview The vulnerable page presents a login form (username + password). Backend SQL query resembles: admin' OR '1'='1 Password: anything This works because