..
Let’s try with single quote
The entry was added but it’s not showing anything which mean we found the SQLi
Now we have to find the correct syntax so we can see the output of the sqli on the webpage
’,’’);
As you can see with ’,’’); we could add a blank entry in the blog
’, sqlite_version());
’, (SELECT name FROM sqlite_master WHERE type=’table’));
Table name is blog, using this method you can enumerate it further.
Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram
Comments