SQL injection in login. POST data could look like:
username=' or 1=1-- -&password=aaa
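
Why a body like this gets past a login check, and what stops it, as an added example that is not code from the original comment. It assumes a handler that pastes form fields into the SQL text; the schema, function names and credentials are constructed, and an in-memory SQLite database stands in for the site's real one.

```python
import hashlib
import hmac
import sqlite3
from urllib.parse import parse_qs

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice
PAGE_BODY = "username=' or 1=1-- -&password=aaa"  # POST data quoted on the page


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    # Constructed user table (hypothetical schema) with a single account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    db.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
               ("admin", pw_hash("S3cret!-constructed")))
    return db


def fields(body):
    form = parse_qs(body)
    return form.get("username", [""])[0], form.get("password", [""])[0]


def login_vulnerable(db, body):
    user, pw = fields(body)
    # Assumed vulnerable pattern: input becomes part of the SQL text, so the
    # quote in `user` closes the string literal, `or 1=1` makes the WHERE
    # clause true for every row, and `-- -` comments out the password test.
    sql = f"SELECT id FROM users WHERE username = '{user}' AND pw_hash = '{pw_hash(pw)}'"
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, body):
    user, pw = fields(body)
    # Bound parameter: the driver passes `user` as data, never as SQL, so the
    # payload is just an odd username that matches no row.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?", (user,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(pw))


if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts page body:", login_vulnerable(db, PAGE_BODY))
    print("parameterized query accepts page body:", login_parameterized(db, PAGE_BODY))
```
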