SQL Injection Challenge 5 - Security Shepherd
SQL Injection Challenge 5 in OWASP Security Shepherd involves exploiting a vulnerable coupon code input field to retrieve a VIP code via UNION-based SQL injection. The challenge, which stems from unsanitized user input in a SELECT query, requires injecting payloads like ' UNION SELECT coupon_code FROM coupons WHERE '1'='1
- Comment stacking: 5'/**/AND/**/1=1
- Case variation: SeLeCt
- Double encoding: %2553ELECT
The Java source code for this challenge reveals how the query is constructed:
Submit the code: Enter the payload into the coupon code field and click "Submit" or "Place Order".
There are two subtypes:
- Expected: Invalid (because '1'='2 is false).
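
The root cause described above, user input concatenated into a SELECT, shown beside a parameterized query. This is an added example, not Security Shepherd's Java source. It uses Python's sqlite3 with constructed data: the public_offers table, the VIP-PLACEHOLDER value and the '1'='2 variant are assumptions, while coupons.coupon_code and the other input strings are taken from the page.

```python
import sqlite3

# Payload quoted on the page, plus a constructed variant with a false condition.
PAGE_PAYLOAD = "' UNION SELECT coupon_code FROM coupons WHERE '1'='1"
FALSE_VARIANT = "' UNION SELECT coupon_code FROM coupons WHERE '1'='2"
# Filter-evasion spellings listed on the page.
EVASIONS = ["5'/**/AND/**/1=1", "SeLeCt", "%2553ELECT"]


def make_db():
    """Constructed in-memory data. Only coupons.coupon_code is named on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE public_offers (code TEXT);   -- hypothetical table behind the form
        CREATE TABLE coupons (coupon_code TEXT);  -- table named in the page's payload
        INSERT INTO public_offers VALUES ('SPRING10');
        INSERT INTO coupons VALUES ('VIP-PLACEHOLDER');
    """)
    return db


def lookup_vulnerable(db, user_input):
    # The input is pasted into the statement text, so a single quote ends the
    # string literal and the remainder is parsed as SQL.
    sql = "SELECT code FROM public_offers WHERE code = '" + user_input + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, user_input):
    # Bound parameter: the driver passes the input as a value, never as SQL text.
    sql = "SELECT code FROM public_offers WHERE code = ?"
    return [row[0] for row in db.execute(sql, (user_input,))]


def demo():
    db = make_db()
    return {
        "vulnerable_true": lookup_vulnerable(db, PAGE_PAYLOAD),
        "vulnerable_false": lookup_vulnerable(db, FALSE_VARIANT),
        "hardened_payload": lookup_hardened(db, PAGE_PAYLOAD),
        "hardened_evasions": [lookup_hardened(db, e) for e in EVASIONS],
        "hardened_valid": lookup_hardened(db, "SPRING10"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the bound parameter, the quote, comment, case and encoding variants all match no row, because none of them is ever parsed as SQL.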