7Haz
SQL Injection with an uninjectable URL
I was recently given a subdomain to try and exploit with SQLi: gov.ns.agency. Unlike what I would see in most tutorials, I can’t really inject parameters into the URL like I would see everywhere else.
Here’s what I tried:
At the login p…