sqlinjection print added

This commit is contained in:
OPSXCQ 2017-01-02 19:40:03 -02:00
parent 1209507c81
commit accbd82724
No known key found for this signature in database
GPG Key ID: 9AD730FE9CDE5661
2 changed files with 3 additions and 1 deletions

View File

@ -36,7 +36,9 @@ To login you can use the following credentials:
## Hack and have fun ! ## Hack and have fun !
If you are playing it in low dificulty, just to have a taste of how exploit a flaw in this app, go to ```SQL Injection``` in the left menu. If you are playing it in low dificulty, just to have a taste of how exploit a flaw in this app, go to ```SQL Injection``` in the left menu.
In the id field, add this query ```%' and 1=0 union select null, concat(first_name,'|',last_name,'|',user,'|',password) from users #``` In the id field, add this query:
%' and 1=0 union select null, concat(user,':',password) from users #
![sqli](sqli.png) ![sqli](sqli.png)

BIN
sqli.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 231 KiB