Bypassing addslashes() using format string to get SQL Injection

Baby sql is a Medium difficulty Web challenge from HackTheBox. In this video we are going to exploit a format string vulnerability in order to bypass the PHP addslashes() function and obtain SQL Injection against the target.

Read the full writeup here!

https://www.youtube.com/watch?v=_ay4RyGzduw