ine-labs / AWSGoat

AWSGoat : A Damn Vulnerable AWS Infrastructure

02-SQL Injection: documentation not accurate (SQLi does not reveal admin password)

mathiasconradt opened this issue

Minor issue on the solution docs - the 02-SQL Injection.md states:

Check the response, you will see that we have successfully managed to gain access to all the data of all the users, even sensitive data like passwords, phone, addresses, etc.

However, neither the password nor the secret answer is part of the response.

{
	"secretQuestion": "",
	"creationDate": "2022-01-25T00:00:00.000Z",
	"address": "Ap #662-2304 Phasellus Ave",
	"secretAnswer": "",
	"email": "dolor.fusce@aol.ca",
	"country": "Germany",
	"name": "Naida Dotson",
	"authLevel": "0",
	"password": "",
	"username": "naidadotson",
	"id": "1",
	"userStatus": "active",
	"phone": "329938731"
}

Thanks Mathias! We have updated the manuals with #13. Over the next few weeks, we will be refactoring the manuals and videos to make them more explanatory.