RingZer0-2 - SQL Injection - ACL rulezzz the world
ACL rulezzz the world
Basic sqli
This time we’re confronted with a dropdown menu.
We’ll use Burp to resend custom queries.
We can see that admin gives us a table with some information about the user admin.
We’ll try the common sqli query.
username=admin' or true -- 
Very important: there’s a space after the --
If we look at the render.
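Why that value changes the result, and what the fix looks like on the server side, as an added example that is not part of the original write-up or the challenge's code. The users table, its rows and the two lookup functions are assumptions, and SQLite stands in for the unknown backend.

```python
import sqlite3

# Constructed stand-in for the challenge backend (schema and rows are assumptions).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, description TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "site administrator"),
         ("alice", "regular user"),
         ("bob", "regular user")],
    )
    return db

def lookup_vulnerable(db, username):
    # The POST value is pasted into the SQL text, so a quote inside it closes
    # the string literal and everything after it is parsed as SQL.
    sql = ("SELECT username, description FROM users "
           "WHERE username = '" + username + "'")
    return sql, db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # The value is bound as data: quotes and comment markers stay inside it.
    sql = "SELECT username, description FROM users WHERE username = ?"
    return sql, db.execute(sql, (username,)).fetchall()

# Value from the write-up, trailing space included. MySQL only treats "--" as a
# comment when whitespace follows it; SQLite accepts it either way.
PAYLOAD = "admin' or true -- "

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        for value in ("admin", PAYLOAD):
            sql, rows = fn(db, value)
            print(f"{fn.__name__}({value!r})")
            print(f"  sql : {sql}")
            print(f"  rows: {rows}")
```

The dropdown only limits what the browser offers; the server still receives whatever string the request carries, so the binding has to happen in the query itself.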