How SQL injection works? sql query: LP = db.execute(f"SELECT * FROM product WHERE id = '{find}' AND name = '{name}'") name: 1'-- password: anything conclusion: It will comment down name (password) . so without password you can get info of user. chmod +x master.sh ./master.sh http://127.0.0.1:5000/product/home
karthikeyanrathore/SQL-injection
SQL injection is a very popular technique used by attacker to crack database of a website. Usually occurs in MySQL language by running your own SQL query on the website.
HTML