Vulnerable Numeric Login



PHP Code:

$client = $_POST['client'];
$pin = $_POST['pin'];

$query = sprintf("SELECT * FROM clients WHERE id = %s AND pin = %s;",
                 mysqli_real_escape_string($connection, $client),
                 mysqli_real_escape_string($connection, $pin));

$result = mysqli_query($connection, $query);

if ($result->num_rows > 0)
{
    echo "Authenticated as " . $client;

    // ...
    // $_SESSION['logged_user'] = $client;
    // ...
}
else
{
    echo "Wrong client/PIN combination.";
}
            

Vulnerability:

Pass 1 OR 1=1 as PIN to get authenticated.