SQL Injection (Select\GET)


To exploit this vulnerability, we first have to select one movie from the list.

Once we have selected a movie and have its ID, we can try injecting a single quote (') to check for SQLi.
We got an error, so now we can proceed to the next step and enumerate the database as we have done in our previous SQLi blogs.
But you have to take care of one thing: if you select a movie ID that is available, it will not show you what you are looking for. For example, here movie ID 2 is available in the database but 200 is not, so if we try with 200 we will get our result.
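
The single-quote check above works because the movie ID is pasted into the SQL text and the database error is shown to the client. The following is an added example, not code from this post or from the target application: it puts that pattern next to a hardened lookup and runs both on the three inputs used above (`2`, `200`, `2'`). The table, function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the movie list.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO movies VALUES (?, ?)",
                     [(1, "Movie One"), (2, "Movie Two"), (3, "Movie Three")])
    return conn

def lookup_vulnerable(conn, movie):
    # The request value is concatenated into the SQL text, and the
    # driver's error message is echoed back to the client.
    try:
        row = conn.execute(
            "SELECT title FROM movies WHERE id = " + movie).fetchone()
    except sqlite3.Error as exc:
        return 500, "Error: " + str(exc)
    return (200, row[0]) if row else (404, "not found")

def lookup_hardened(conn, movie):
    # 1) Accept only a short, plain decimal ID.
    # 2) Bind it as a parameter so it is never parsed as SQL.
    # 3) Never return driver errors to the client.
    if not (movie.isascii() and movie.isdigit()) or len(movie) > 9:
        return 400, "invalid movie id"
    try:
        row = conn.execute(
            "SELECT title FROM movies WHERE id = ?", (int(movie),)).fetchone()
    except sqlite3.Error:
        return 500, "internal error"
    return (200, row[0]) if row else (404, "not found")

if __name__ == "__main__":
    db = make_db()
    for value in ("2", "200", "2'"):
        print(repr(value), lookup_vulnerable(db, value),
              lookup_hardened(db, value))
```

With the hardened lookup, the quote no longer reaches the SQL parser, and a missing ID such as 200 only ever produces a plain "not found".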

~ Hack the World and Stay Noob
