Can you finish all these SQL injection challenges?





Level 1

My friend created a website where we can store secrets... Unfortunately, we can only see our own. Help me find all of my friend's secrets.

Level 2

I think an administrator blocked my account. Can you help me steal someone else's account?

Note: There are two flags in this challenge.

Level 3 - The Blacklist Saga (Part 1)

Time for bug bounties! This multinational technology company has been hacked so many times, we might be able find a new bug and make some money out of it...

Level 4 - The Blacklist Saga (Part 2)

Seems like our previous bug has been patched now... Let's double check that they did their job properly.

Level 5 - The Blacklist Saga (Part 3)

These developers are sloppy... They claim that their website is secure now (for the second time), I hope they are right this time...

Level 6 - The Blacklist Saga (Part 4)

I'm starting to believe that these developers are complete idiots. They just claimed that blacklisting single-quotes and double-quotes solve every SQL injection issue.

Let's prove them wrong.

Level 7

My teacher has this weird website. I doubt there's any useful information in the database. Maybe we can leak the /etc/passwd or Flag file instead?

Level 8 - The Final Challenge

I have no idea how I landed here, but this website is making me doubt everything I know.
Is global warming real???
Can Trump control the weather???
Is the Earth flat???


There's only one way to find out : let's pop a shell.