The following is my documentation on PortSwigger’s Academy labs. End Goal: Time-delayed Blind SQL injection to steal the password of the administrator In this lab, we are tasked to log in as the administrator of the website below by exploiting SQLi. There is some legwork we have to do first before we get there, however. […]
SQL injection with filter bypass via XML encoding
The following is my documentation on Portswigger’s Academy Labs. Goal: Log into the Admin user’s account with password credentials retrieved from a hidden table by exploiting SQL injection. I will be using Burpsuite (in this case the community edition) to view proxy history and automate our payloads. To begin let us take a look at […]