Pentesting of Authentication Bypass via SQL-Injection with Burpsuite Intruder

A login process containing SQL injection vulnerability can be bypassed by attackers. They need to manipulate username or password parameters and thus access to the application (even as administrator) without knowing the original user credentials. This is known as “Authentication Bypass via SQL-Injection”. In this post, I want to explain how a penetration tester can [...]