Yet another SQL injection
Here I am again, fishing MD5-hashed passwords along with usernames, after successfully exploiting an SQL injection vulnerability in a website. “The website's identity will remain undisclosed for the time being due to the sensitivity of the operation.”
I had to tune my injection multiple times until I was able to extract the full data at once rather than byte by byte.
In order to extract the complete ~950 hashes, I wrote a small Python script to automate the process.
It was great fun 🙂
Enjoy and stay tuned for another hack!