How do you perform SQL injection on a login form that checks for email address format?

Published: 22/10/2019
How do you perform SQL injection on a login form that checks for email address format?
Source: SECURITY.STACKEXCHANGE.COM

A recent employment test prompted me to perform an SQL injection to gain access into their website. Using manual and automated (Burp) methods, I was able to find out the form is definitely vulnerable to SQL Injection attacks, but every time I tried to pass any payloads into the E-mail/username field (eg: admin' or '1'='1) it kept saying "Invalid email format". Anyone know how to get around t

Read more
Related news
Comment
FACEBOOK