Challenge 3 Explanation: SQL
Explanation: When dealing with user input, it is always a good idea to sanitize the input before accepting it. Taking user input and processing it without sanitizing it first can lead to vulnerabilities, such as the SQL injection you just exploited. When creating anything from a login page to a comment box, you should always sanitize user input before processing or storing it.
Below is a step-by-step guide of how to answer the questions and complete the challenge.
Recall the syntax and structure of SQL statements, which we discussed in the lesson: “SELECT row FROM table WHERE column = 'query'”. With this in mind, we can see that this statement, “SELECT password FROM passwordTable _______ password = userInput,” is missing “WHERE.”
Again, we must remember what we learned in the lesson: for the SQL statement to return true, we either need the admin's password, which we don't know, or we need to input something else as the password that will make the SQL statement true. In the lesson we discussed an “x' OR '1'='1” statement that always returns true. We can enter this statement as the password and the login form will return true, even though we do not know the admin's password. When we click “Sign In,” we are presented with the flag.
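The following is an added example, not part of the challenge or its original write-up, showing why the login form above accepts the “x' OR '1'='1” input and what the fix looks like. It builds an in-memory SQLite table named passwordTable with a constructed placeholder admin password (the challenge's real table and password are not known here), then runs the same input through two versions of the login check: one that pastes the input into the statement the way the challenge does, and one that passes it as a bound parameter so the database treats it as plain data.

```python
import sqlite3

# Constructed placeholder; the challenge's real admin password is not on this page.
ADMIN_PASSWORD = "placeholder-admin-password"


def make_db():
    """Create an in-memory stand-in for the challenge's passwordTable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE passwordTable (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO passwordTable (username, password) VALUES ('admin', ?)",
        (ADMIN_PASSWORD,),
    )
    conn.commit()
    return conn


def render_vulnerable_query(user_input):
    """Show the exact statement the vulnerable form sends to the database."""
    return f"SELECT password FROM passwordTable WHERE password = '{user_input}'"


def login_vulnerable(conn, user_input):
    """The challenge's pattern: the input becomes part of the SQL text itself.

    An input containing a quote can close the string literal and append its
    own condition, so 'x' OR '1'='1' matches every row and the check passes.
    """
    row = conn.execute(render_vulnerable_query(user_input)).fetchone()
    return row is not None


def login_parameterized(conn, user_input):
    """The fix: the statement is fixed text and the input is bound as a value.

    Whatever the input contains, it is compared as a whole string against the
    password column and can never change the structure of the query.
    """
    row = conn.execute(
        "SELECT password FROM passwordTable WHERE password = ?",
        (user_input,),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable query :", render_vulnerable_query(payload))
    print("vulnerable login :", login_vulnerable(db, payload))      # True
    print("parameterized    :", login_parameterized(db, payload))   # False
```

Running it prints the rendered statement, which makes the mechanism visible: the quote in the input ends the literal early and the appended OR '1'='1' is true for every row. The parameterized version gives the same answer as the vulnerable one only when the real password is supplied, which is the behaviour a login form should have.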