Numeric SQL Injection
Task
Now we need to know the admin's (Neville) user ID. To find it, start Tamper Data and check the employee ID. This is what I can see.
Now I know the admin's user ID.
After that we can log in as a normal user,
then we can see the screen below.
In View Profile, below are the parameters that I can see.
Now we can try to change the employee_id data.
If I change it to 112, it is not successful.
After that we can use 101 or 1=1. This is successful, but we get only Larry's data, not the admin's data.
In the third try, use 101 or 1=1 order by employee_id desc
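The three attempts above, replayed against a small in-memory SQLite database, with a string-built query beside a version that validates the ID as an integer and binds it as a parameter. This is an added example, not code from the lesson application; the schema, the ownership table, the function names and the sample rows (including the IDs given to Tom and Neville) are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data: schema and rows are assumptions for illustration.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employee (employee_id INTEGER PRIMARY KEY, first_name TEXT);
        CREATE TABLE ownership (employer_id INTEGER, subject_id INTEGER);
        INSERT INTO employee VALUES (101, 'Larry'), (105, 'Tom'), (112, 'Neville');
        -- Larry may view only himself; Neville (admin) may view everyone.
        INSERT INTO ownership VALUES (101, 101), (112, 101), (112, 105), (112, 112);
    """)
    return conn

# The access check lives in the WHERE clause; the requested ID comes last.
BASE = ("SELECT e.employee_id, e.first_name FROM employee e "
        "JOIN ownership o ON o.subject_id = e.employee_id "
        "WHERE o.employer_id = {viewer} AND o.subject_id = {target}")

def view_profile_vulnerable(conn, viewer_id, employee_id):
    # employee_id is the raw request string, pasted into the SQL text.
    # "A AND B or 1=1" parses as "(A AND B) OR 1=1", so the access check is lost,
    # and a trailing ORDER BY decides which row comes first.
    sql = BASE.format(viewer=int(viewer_id), target=employee_id)
    return conn.execute(sql).fetchall()  # the profile page renders rows[0]

def view_profile_safe(conn, viewer_id, employee_id):
    # A numeric field must parse as an integer; anything else is rejected.
    try:
        target = int(employee_id)
    except (TypeError, ValueError):
        return []
    # Bound parameters are passed as values and never parsed as SQL.
    sql = BASE.format(viewer="?", target="?")
    return conn.execute(sql, (int(viewer_id), target)).fetchall()

if __name__ == "__main__":
    db = make_db()
    attempts = ["101", "112", "101 or 1=1",
                "101 or 1=1 order by employee_id desc"]
    for value in attempts:
        print(repr(value),
              "| vulnerable:", view_profile_vulnerable(db, 101, value)[:1],
              "| safe:", view_profile_safe(db, 101, value)[:1])
```
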