From 1209507c81eff55e3d8ea75bba3847bd2a365b1d Mon Sep 17 00:00:00 2001 From: OPSXCQ Date: Mon, 2 Jan 2017 19:31:58 -0200 Subject: [PATCH] No... I am your father --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index a5fba8a..b0e1692 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,15 @@ To login you can use the following credentials: * Username: admin * Password: password +## Hack and have fun ! + +If you are playing it in low dificulty, just to have a taste of how exploit a flaw in this app, go to ```SQL Injection``` in the left menu. +In the id field, add this query ```%' and 1=0 union select null, concat(first_name,'|',last_name,'|',user,'|',password) from users #``` + +![sqli](sqli.png) + +There are several other ways and other vulnerabilities do exploit, go ahead, have fun ! + ## About DVWA You can visit DVWA [official website](http://www.dvwa.co.uk/) and official [github repository](https://github.com/ethicalhack3r/DVWA) if you want more information
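Review bot: the added `![sqli](sqli.png)` line in the new "Hack and have fun !" section references an image that this patch does not add. The diffstat lists only README.md (1 file changed, 9 insertions), so unless sqli.png is already in the repository the link will render broken; add the image in the same commit. In the same section, "dificulty" should be "difficulty", "how exploit a flaw" should be "how to exploit a flaw", and "do exploit" should be "to exploit". The triple-backtick spans around `SQL Injection` and the query are used inline, where single backticks are the usual Markdown form. The section would also benefit from one sentence saying what the query returns (first_name, last_name, user and password from the users table, joined with '|') and that the walkthrough assumes the low difficulty setting, so readers know what the screenshot should show. Finally, the subject line "No... I am your father" does not describe the change; something like "README: add SQL injection walkthrough" would be easier to find in the log.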