I have a part of a very basic login page code written in php that I want to bypass whithout already having any login.
$req="select id from USERS where login='$login' and pwd='$pass'";
$result = mysql_query($req);
If I have a user's login for example login1 that is already in the database. I just have to enter the following entries to login whithout knowing his password; what we call SQL Injection:
login="login1"
password="' OR '1'='1'"
However, I don't know how can we do to log in the page without any login or password.
Thank you in advance !