PHPMyRecipes

The attacker might not have any user level access to the web application. However, this does not mean that the application cannot be compromised remotely. SQL Injection vulnerabilities could be triggered even by unauthenticated users.

In the exercise below, the attacker is unauthenticated to the web application and needs to find an SQL Injection attack on it.

A version of PHPMyRecipes is vulnerable to an SQL injection attack.

Objective: Your task is to find and exploit this vulnerability.

Solutions:

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-253.pdf

PreviousExploiting DOM-Based XSS VulnerabilitiesNextVulnerable Results Portal: Union Based SQLi

Last updated