BASIC SQL INJECTION

In this article I'll explain about the principle how to attack the website via SQL injection and I use mutillidae to try this attack.

 

First try to enter a single quote to confound the sql query logical

Now we found the sql query from the error

Then we can confound the sql query logical to bypass the log in form cause the value of name and password are true

 

Now we loged in as admin

pentest windows xp

Information gathering

I'm using nmap to looking for open port

 then I using exploitdb

but in this step im failed