Web Service & API Attacks -- SQLi

JeTondsLeGazon · April 11, 2023, 1:27pm

I have to use SQL injection on the id parameter to find the username for the user 736373 but I can’t find the solution for this, I have tried all the standard SQL injections but I have either an error or no answer for the server.

Do you have a hint for this? I have been stuck for some time …

Thanks!

h0pfr0g · April 18, 2023, 11:28am

The payload is a very basic one, what threw me off a bit is that it doesn’t use quotation marks.
Hope that helps!

JeTondsLeGazon · April 18, 2023, 1:03pm

Thank you very much for your answer!

I was mainly doing in wrong because I was wrapping my parameter into quotes (?id=“”) instead of using ‘+’ for spaces.