The article describes exploiting SQL injection vulnerabilities in a database application called Light by injecting payloads through the username field. It illustrates the process of bypassing filtering mechanisms and successfully retrieving database information using UNION-based attacks. #SQLInjection #LightDatabase
Key points
- The application is vulnerable to SQL injection via the username input field.
- Filtering mechanisms are case-sensitive and may block certain SQL keywords based on case.
- Attackers used UNION SELECT statements to extract database version and table data.
- The application's lack of input sanitization allows for successful injection of malicious queries.
- Multiple attempts demonstrate how SQL injection can reveal sensitive information like passwords.
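The two points above (a case-sensitive keyword blocklist in front of a string-built query) are easiest to see side by side with the fix. The following is an added example, not code from the walkthrough or the Light application; the table layout, the sample row, and the choice of upper-case-only keywords in the blocklist are assumptions, and the in-memory SQLite database stands in for whatever backend the room actually uses.

```python
import sqlite3

# Constructed stand-in for the vulnerable app's database; the table layout and
# the row are assumptions, not data from the write-up.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'constructed-pw-1')")
    return conn

# A case-sensitive keyword blocklist (assumed: upper-case spellings only),
# modelling the kind of check the write-up describes.
BLOCKED_KEYWORDS = ("UNION", "SELECT")

def blocklist_rejects(username: str) -> bool:
    """True only on an exact-case match, so any other casing passes."""
    return any(kw in username for kw in BLOCKED_KEYWORDS)

def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """'Before': blocklist check, then string concatenation into the query."""
    if blocklist_rejects(username):
        return None  # rejected by the filter
    sql = f"SELECT username, password FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str):
    """'After': bound parameter; the input is compared as a literal string."""
    sql = "SELECT username, password FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Mixed-case spelling of the keywords the page names, which an exact-case
# blocklist does not recognise (constructed test input).
MIXED_CASE_INPUT = "' UnIoN SeLeCt sqlite_version(), 1 -- "

def demo():
    conn = make_db()
    rejected_upper = blocklist_rejects("' UNION SELECT 1, 2 -- ")  # caught
    rejected_mixed = blocklist_rejects(MIXED_CASE_INPUT)           # not caught
    leaked = lookup_vulnerable(conn, MIXED_CASE_INPUT)   # version string comes back
    safe = lookup_parameterized(conn, MIXED_CASE_INPUT)  # no such user: empty list
    return rejected_upper, rejected_mixed, leaked, safe

if __name__ == "__main__":
    print(demo())
```

The parameterized lookup returns an empty result for the same input because the database engine never parses it as SQL; the blocklist adds nothing once the query is bound this way.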
Read More: https://infosecwriteups.com/light-tryhackme-walkthrough-46440619060b