- From the OWASP Mutillidae II menu, select Login by navigating to OWASP 2013 | A1-Injection (SQL) | SQLi – Bypass Authentication | Login.
- At the Login screen, place invalid credentials into the username and password text boxes. For example, username is tester and password is tester. Before clicking the Login button, let's turn on Proxy | Interceptor.
- Switch to the Burp Proxy | Intercept tab. Turn the Interceptor on by toggling to Intercept is on.
- While Proxy | Interceptor has the request paused, insert the new payload of ' or 1=1--<space> within the username parameter and click the Login button:
- Click the Forward button. ...
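
Why the payload in the steps above gets past the login check, and how a parameterized query closes the hole, shown as an added example that is not Mutillidae's own code. It is a Python/sqlite3 sketch; the table, column, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Payload from the steps above, with <space> written as a real trailing space.
PAYLOAD = "' or 1=1-- "


def make_db():
    # Constructed sample data; the schema is an assumption, not Mutillidae's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "s3cret-constructed"), ("alice", "pw-constructed")],
    )
    return db


def login_concatenated(db, username, password):
    # Vulnerable form: request parameters become part of the SQL text, so a
    # quote in the username closes the string literal and "--" comments out
    # the password check that follows it.
    query = (
        "SELECT username FROM accounts WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    # Hardened form: placeholders keep the parameters as data, so the payload
    # is compared literally against the username column and matches nothing.
    query = "SELECT username FROM accounts WHERE username=? AND password=?"
    row = db.execute(query, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", login_concatenated),
                      ("parameterized", login_parameterized)):
        print(label, "invalid creds ->", fn(db, "tester", "tester"))
        print(label, "payload       ->", fn(db, PAYLOAD, "tester"))
```
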