To exploit this vulnerability, we first have to select one movie from the list.
Once the movie is selected and we have its ID, we can inject a single quote (') to check for SQLi.
We get an error, so we can proceed to the next step and enumerate the database, as we have done in our previous SQLi blogs.
One thing to watch for: if you select a movie ID that exists in the database, the page will not show what you are looking for. For example, movie ID 2 exists in the database but 200 does not, so if we try with 200 we get our result.
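The quote check described above, seen from the application side, as an added example that is not code from the original post: a Python/sqlite3 stand-in for the movie lookup (the database engine, table and column names, function names and sample rows are constructed assumptions). It shows why the concatenated query returns a database error for `2'` and how integer validation plus a bound parameter removes that behaviour.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO movies VALUES (?, ?)",
                   [(1, "Movie One"), (2, "Movie Two")])
    return db


def lookup_concat(db, movie_id):
    """'Before': the request parameter is pasted into the SQL text."""
    sql = "SELECT title FROM movies WHERE id = " + movie_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing the database error to the client is what makes the
        # single-quote check in the post produce a visible result.
        return "SQL error: " + str(exc)
    return row[0] if row else "no such movie"


def lookup_param(db, movie_id):
    """'After': accept only a short ASCII integer, then bind it."""
    if not (movie_id.isascii() and movie_id.isdigit() and len(movie_id) <= 9):
        return "invalid id"
    row = db.execute("SELECT title FROM movies WHERE id = ?",
                     (int(movie_id),)).fetchone()
    return row[0] if row else "no such movie"


if __name__ == "__main__":
    db = make_db()
    for value in ("2", "200", "2'"):
        print(repr(value), "|", lookup_concat(db, value),
              "|", lookup_param(db, value))
```

With the hardened lookup, `2'` never reaches the SQL parser, and a generic "invalid id" response gives the client no database error text to work from.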