You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -2,5 +2,8 @@ If you recall, your command injection exploits typically caused _additional_ com
So far, your SQL injections have simply modified the conditions of existing SQL queries.
However, similar to how the shell has ways to chain commands (e.g., `;`, `|`, etc), some SQL queries can be chained as well!
An attacker's ability to chain SQL queries has extremely powerful potential.
For example, it allows the attacker to query completely unintended tables or completely unintended fields in tables, and leads to the types of massive data disclosures that you read about on the news.
This level will require you to figure out how to chain SQL queries in order to leak data.
