We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed us to find a way to display and show the SQL query sent to the database after submitting the form. We discovered that the application encloses the SQL query with double quotes. With this information in hand, we tried injecting the form with manual SQL injection payloads while enclosing them with double quotes which resulted in successful login. This was part of OverTheWire War Games Natas Level 14

Get OSCP Certificate Notes

Natas Level 15 Level Password:


Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles