Bug Hunter Training Ground (MariaDB)

Test your Python scanner against the parameters below.

3. User Lookup (MariaDB SQLi)

Executing: SELECT * FROM users WHERE id = 1 OR 1=1

Found User: admin (Token: FLAG{mariadb_admin_hacked})
Found User: guest (Token: FLAG{guest_token_000})

Test Links:

Test XSS (?search=...)
Test Command Injection (?ping_ip=...)
Test Normal DB Lookup (?user_id=1)
Test DB Bypass SQLi (?user_id=1 OR 1=1)
Test DB Error SQLi (?user_id=1')