Portswigger - SQL injection vulnerability allowing login bypass solution

728x90

웹페이지에 로그인 기능 취약점이 있다고 administrator로 로그인을 하는 sql injection을 시도하라 한다.

웹페이지 로그인창에 들어가서 username에 administrator, password에 ' or 1=1-- 을 넣었더니

문제가 풀렸다.

728x90

Portswigger - SQL injection attack, listing the database contents on Oracle solution (0)	2023.08.02
Portswigger - SQL injection attack, listing the database contents on non-Oracle databases solution (0)	2023.07.27
Portswigger - SQL injection attack, querying the database type and version on MySQL and Microsoft solution (0)	2023.07.27
Portswigger - SQL injection attack, querying the database type and version on Oracle solution (0)	2023.07.27
Portswigger - SQL injection vulnerability in WHERE clause allowing retrieval of hidden data solution (0)	2023.07.26

#include<hack.story>