thomaslaurenson / startrek_payroll

A simple SQL injection vulnerable web application powered by Docker
BSD 3-Clause "New" or "Revised" License

Union SQL injection attacks not working #3

Closed thomaslaurenson closed 1 year ago

thomaslaurenson commented 1 year ago

Fix the UNION SQL injection attacks that work on the Metasploitable version. For example, the following payloads:

' UNION SELECT null,null,null,@@version#
' OR 1=1 UNION SELECT null,null,username,password FROM users#

https://github.com/rapid7/metasploitable3/blob/408d368b18b5e10cac3025394fa52e5941201e69/chef/cookbooks/metasploitable/files/payroll_app/payroll_app.php#L2

thomaslaurenson commented 1 year ago

User error. Adding example payloads in new push. Closing.