- Solution: Inspect the POST request in dev tools and you will see the magic number at the bottom with the POST data.
- Goal: Return all users from the user table in the db via string injection
- Entering Smith will give you a single record
- Solution:
  `Fart' OR '1'='1`
- The above will return all users in the db even though there is no user named Fart. This is because the OR clause (`'1'='1'`, which is always true) makes the condition true for every record, so the whole users table is returned.
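
An added example (not part of the original notes) showing why the input above matches every row when it is concatenated into the query text, next to the parameterized form that treats the same input as plain data. The `users` table, its columns, the function names and the sample rows are constructed assumptions, not the exercise's real schema.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [(101, "Joe", "Snow"), (102, "John", "Smith"), (103, "Jane", "Plane")]

# The input string from the notes above.
PAYLOAD = "Fart' OR '1'='1"


def make_db():
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, last_name):
    # The input is pasted into the SQL text. A quote inside the input closes
    # the string literal, so the rest of the input is parsed as SQL.
    sql = "SELECT * FROM users WHERE last_name = '" + last_name + "'"
    return sql, conn.execute(sql).fetchall()


def lookup_parameterized(conn, last_name):
    # The input is bound to the ? placeholder and is only ever compared as a
    # value; quotes inside it never reach the SQL parser.
    sql = "SELECT * FROM users WHERE last_name = ?"
    return sql, conn.execute(sql, (last_name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for name in ("Smith", PAYLOAD):
        for fn in (lookup_vulnerable, lookup_parameterized):
            sql, rows = fn(conn, name)
            print(f"{fn.__name__}({name!r}): {len(rows)} row(s)")
            print(f"    {sql}")
```
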