OWASPBWA Virtual Machine
go to Error-based SQL Injection
1-Go to OWASP 2013 > A1-injection (SQL) > SQLi-Extract Data > User Info (SQL)
2-Make the DB server to throw an error message. Try to enter any symbols. Hint: try apostrophe.
3-Make the query return true whatever the input you enter. Hint: use true statement (‘ or 1=1).4-Make the rest of the statement as comment ( --). Write whitespace after the comment.
Q1. What is the DBMS the web application is using?
Q2. What is the query statement sent to the DB server?
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here