Category Archives: SQL Injection

Exploit – mysql_real_escape_string

Proof of Concept – mysql_real_escape_string SQL Injection Exploit
Result – Returns all database records, because the variable is not enclosed in quotes in the query