For demonstration purposes, you can use the following inputs:
admin' AND SLEEP(5) AND '1'='1
(To simulate sleep command)
admin' OR '1'='1
(To bypass authentication)
For demonstration purposes, you can use the following input in the Feedback field:
'); INSERT INTO sqlbad (username, password) VALUES ('hacker', 'hackpass'); --
For demonstration purposes:
Username: admin
Password: admin
Sleep Command Injection: This type of injection delays the execution of a SQL query and is often used to test for SQL injection vulnerabilities. In the provided login form, entering admin' AND SLEEP(5) AND '1'='1 as the username simulates a delay of 5 seconds.
Logical OR Injection: Entering admin' OR '1'='1 as the username bypasses the authentication process, because the condition '1'='1' always evaluates to true.
Second Order SQL Injection: In the feedback form, entering '); INSERT INTO sqlbad (username, password) VALUES ('hacker', 'hackpass'); -- as the username demonstrates second-order SQL injection. This injects additional SQL code into the database, allowing an attacker to insert a new user with malicious credentials.
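
The login and feedback cases above, as an added example that is not the demo application's own code: the string-concatenated login query next to its parameterized form, run against the inputs listed on this page. It assumes an in-memory SQLite stand-in for the demo database (so SLEEP() is not exercised) and a hypothetical feedback table; only the sqlbad table name and the admin/admin account come from the page.

```python
import sqlite3

# Constructed stand-in for the demo database. sqlbad and admin/admin are from
# the page; the feedback table and all function names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sqlbad (username TEXT, password TEXT)")
    db.execute("CREATE TABLE feedback (body TEXT)")
    db.execute("INSERT INTO sqlbad VALUES ('admin', 'admin')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL text, so a quote
    # in the username ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM sqlbad WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM sqlbad WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def store_feedback(db, body):
    # Bound parameter: quotes, parentheses and semicolons are stored verbatim.
    db.execute("INSERT INTO feedback (body) VALUES (?)", (body,))
    # Return the number of accounts so callers can confirm none was added.
    return db.execute("SELECT COUNT(*) FROM sqlbad").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    bypass = "admin' OR '1'='1"
    feedback = ("'); INSERT INTO sqlbad (username, password) "
                "VALUES ('hacker', 'hackpass'); --")
    print("concatenated login accepts:", login_concatenated(db, bypass, "wrong"))
    print("parameterized login accepts:", login_parameterized(db, bypass, "wrong"))
    print("accounts after feedback:", store_feedback(db, feedback))
```
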