Can you finish all these SQL injection challenges?
My friend created a website where we can store secrets... Unfortunately, we can only see our own. Help me find all of my friend's secrets.
I think an administrator blocked my account. Can you help me steal someone else's account?
: There are
flags in this challenge.
Level 3 - The Blacklist Saga (Part 1)
Time for bug bounties! This multinational technology company has been hacked so many times, we might be able find a new bug and make some money out of it...
Level 4 - The Blacklist Saga (Part 2)
Seems like our previous bug has been patched now... Let's double check that they did their job properly.
Level 5 - The Blacklist Saga (Part 3)
These developers are sloppy... They claim that their website is secure now (for the second time), I hope they are right this time...
Level 6 - The Blacklist Saga (Part 4)
I'm starting to believe that these developers are complete idiots. They just claimed that blacklisting single-quotes and double-quotes solve every SQL injection issue.
Let's prove them wrong.
My teacher has this weird website. I doubt there's any useful information in the database. Maybe we can leak the /etc/passwd or
Level 8 - The Final Challenge
I have no idea how I landed here, but this website is making me doubt everything I know.
Is global warming real???
Can Trump control the weather???
Is the Earth flat???
There's only one way to find out : let's pop a shell.