Posts Tagged ‘sql’

Server-side security war games: Part 15

We're nearly at the end! This is the 2nd-last level.

We know there is a users table, with columns "username" and "password". This time, the code just checks that the username exists. There's no way to print out the data we want. Instead, we'll have to do something cleverer.
(more…)

Server-side security war games: Part 14

In level 14, we see a more traditional username & password form. Let's check the source code to see if there are holes we can slip through.
(more…)