Web Service & API Attacks -- SQLi

I have to use SQL injection on the id parameter to find the username for the user 736373 but I can’t find the solution for this, I have tried all the standard SQL injections but I have either an error or no answer for the server.

Do you have a hint for this? I have been stuck for some time …


The payload is a very basic one, what threw me off a bit is that it doesn’t use quotation marks.
Hope that helps!

1 Like

Thank you very much for your answer!

I was mainly doing in wrong because I was wrapping my parameter into quotes (?id=“”) instead of using ‘+’ for spaces.