The application is doubling up all single quotation marks within user input before these are incorporated into SQL queries. You have found a SQL injection vulnerability in a numeric fi eld, but you need to use a string value in one of your attack payloads. How can you place a string in your query without using any quotation marks?
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here