sql injection insert on duplicate key trick
TRANSCRIPT
• Login • Register • View article • Admin • Bcrypt, so couldn't get into admin panel :((
Hm!
+
Password of user 'admin' is now the same as password of user 'attacker'!
SQL Injection in INSERT is sometimes worse than SQL injection in SELECT
Lightning talk by @avlidienbrunn (Mathias Karlsson)