/SQL-injection

SQL injection is a very popular technique attackers use to break into the database behind a website. It usually shows up on sites backed by MySQL, where the attacker gets their own SQL query to run on the website.


How does SQL injection work?

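sql query: LP = db.execute(f"SELECT * FROM product WHERE id = '{find}' AND name = '{name}'")
name (first field, goes into {find}): 1'--
password (second field, goes into {name}): anything
conclusion: The ' in the first input closes the quoted value, and -- turns the rest of the query into a comment, including the name (password) check. So without the password you can get the user's info.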
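
The same query pattern beside a parameterized version, as an added example that is not part of this repository's code. It assumes Python's built-in sqlite3 with an in-memory product table; the function names and the sample row are made up for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the query above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id TEXT, name TEXT)")
    db.execute("INSERT INTO product VALUES ('1', 'secret-name')")
    return db


def lookup_vulnerable(db, find, name):
    # Same pattern as the query above: input is pasted into the SQL text,
    # so a quote in the input ends the string literal early.
    sql = f"SELECT * FROM product WHERE id = '{find}' AND name = '{name}'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, find, name):
    # Placeholders send the input as data, separate from the SQL text,
    # so quotes and -- inside it have no SQL meaning.
    sql = "SELECT * FROM product WHERE id = ? AND name = ?"
    return db.execute(sql, (find, name)).fetchall()


def compare(find, name):
    # Run both lookups on a fresh database and return both results.
    # A syntax error in the vulnerable query is reported as the string "error".
    db = make_db()
    try:
        unsafe = lookup_vulnerable(db, find, name)
    except sqlite3.OperationalError:
        unsafe = "error"
    return unsafe, lookup_parameterized(db, find, name)


if __name__ == "__main__":
    # Input from the walkthrough above, a correct pair, and a harmless
    # name containing an apostrophe.
    for find, name in [("1'--", "anything"), ("1", "secret-name"), ("1", "O'Brien")]:
        print(repr(find), repr(name), compare(find, name))
```

The last input shows that the string-built query also breaks on ordinary data: a name with an apostrophe produces a syntax error, while the parameterized query simply returns no rows.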

Running the demo:

chmod +x master.sh
./master.sh

Then open http://127.0.0.1:5000/product/home in a browser.