1 supporter
Bypassing addslashes() using format stri ...

Bypassing addslashes() using format string to get SQL Injection

Feb 28, 2022

Baby sql is a Medium difficulty Web challenge from HackTheBox. In this video we are going to exploit a format string vulnerability in order to bypass the PHP addslashes() function and obtain SQL Injection against the target.

Read the full writeup here!


Enjoy this post?

Buy 0xbro a coffee

More from 0xbro