where you can change a query to interfere with the application's logic.

**https://portswigger.net/web-security/sql-injection/lab-login-bypass**

Solution: administrator'--

This lab contains an SQL injection vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

Steps:

  1. Visit: https://YOUR-SESSION.web-security-academy.net/login
  2. Try injecting test' into both the username and password fields.


So try injecting into the username field with administrator (the solution payload above), so that the password field is disregarded.


SOLVED


What happened in the backend:

SELECT * FROM users WHERE username = 'administrator'--' AND password = ''