Replaced single quote bypass for SQLi
I have this scenario on my lab. HTTP POST login form on a IIS server. ASP backend using MSSQL database, and a single simple query as this:
sql=”SELECT * FROM USERS_TABLE WHERE USER='” & user & “‘ AND PASS='” & pa… Continue reading Replaced single quote bypass for SQLi