Need help determining a flag?
Im doing an SQL injection assignment and I get past the login but it brings me to an HTTP ERROR 500 page. It wants me to add a flag but I dont know what kind of flag its looking for or if im even in the right place
10 Replies
Solution
I mean the solution is already there, you forgot the "admin' OR" part
omg tysm 😭 I was lowkey tripping because I thought it meant one or the other
You are welcome. I recommend reading about any kind of vulnerability you want to exploit first so you get a basic understanding of it and such stuff becomes significantly rarer
I think I was mainly confused because using just one or the other would result in a different landing page than just having the wrong credentials
It doesn't sanitize input so either way you are breaking the sql query
With the whole thing, you are breaking it... purposefully
so I did it right, just not in the very specific way it wanted?
Sql injection is when the page does not sanitize input and format the end query corrrectly. You don't gain much from breaking the query by itself.
im a grammar and logic nerd so if I see OR I think "oh so it must mean one or the other" and since it didnt have quotations around it I think you know where I got it from
Yeah it's alright.