@notoriousclg said:
I must be severely missing something with SQL injection. I think I’ve found where the injection point is (I’ve tested 500 vs non-500 responses in 2nd-order SQLi) but I can’t exploit to get any kind of meaningful response, even boolean injection either… Anyone PM me with a hint on what I should be looking at closer?I’m all for learning and hammering away but I’m going on 4 hours of injecting on this one point and I think I’m just missing some “obvious”/“simple” thing as everyone has said earlier in this thread…
Watch “Ippsec Nightmare” on YouTube