Can you finish all these SQL injection challenges?
telegram : @itshield
My friend created a website where we can store secrets... Unfortunately, we can only see our own.
Help me find all of my friend's secrets.
I think an administrator blocked my account. Can you help me steal someone else's account?
Note: There are two flags in this challenge.
Level 3 - The Blacklist Saga (Part 1)
Time for bug bounties! This multinational technology company has been hacked so many times, we might be able
find a new bug and make some money out of it...
Level 4 - The Blacklist Saga (Part 2)
Seems like our previous bug has been patched now... Let's double check that they did their job properly.
Level 5 - The Blacklist Saga (Part 3)
These developers are sloppy... They claim that their website is secure now (for the second time),
I hope they are right this time...
Level 6 - The Blacklist Saga (Part 4)
I'm starting to believe that these developers are complete idiots. They just claimed that
blacklisting single-quotes and double-quotes solve every SQL injection issue.
Let's prove them wrong.
My teacher has this weird website. I doubt there's any useful information
in the database. Maybe we can leak the /etc/passwd file instead?