Forensic

So I realized what type of SQL injection attack this is (not sure if I’m allowed to say the name of the attack in the forum) after looking at the queries but now i’m stuck on what to do after that.
Do we need to test it against a server? or do we need to get all the output of the sql queries, and compile it to get the password?

Hi!

You could start by understanding each command in the first request. After that, try to understand how these combined commands can be dangerous.

Good luck!  🙂