SQL Injection in Authentication
Medium
#sqli
#owasp-a03
#authentication
Overview
This lab demonstrates classic SQL injection in a login form where user input is directly concatenated into a SQL query without parameterization.
Scenario
The login form sends username and password to `/api/login`. The server constructs a SQL query by directly embedding the input values into the query string.
Exploit Steps
- 01. Navigate to the login page
- 02. Enter username: admin' OR '1'='1' -- (the trailing comment marker removes the password check; note that MySQL only treats -- as a comment when it is followed by a space)
- 03. Enter any password
- 04. Submit the form. The WHERE clause is now true for every row, so the server logs you in as the first user it returns, typically admin
routes/auth.js
// Vulnerable — string concatenation in SQL
const express = require('express');
const app = express();
app.use(express.json()); // needed so req.body is populated
// db and generateToken are the lab's own helpers (not shown on this page)

app.post('/api/login', (req, res) => {
  const { username, password } = req.body;
  // ❌ Direct string interpolation: quotes and comment markers in the input become SQL syntax
  const query = `SELECT * FROM users
    WHERE username = '${username}'
    AND password = '${password}'`;
  // Comparing the password inside the query also means it is stored in plaintext
  const user = db.query(query);
  if (user) res.json({ token: generateToken(user) });
});

This code contains a known vulnerability. Never deploy code like this in production.