SQLol - Challenge 12 - XSSQLi
The contents of the database are usually considered to be trusted. Some mass attackers have taken advantage of this fact and launched mass SQL injection attacks which not only steal the contents of the database but which also place <script> tags pointing to malicious Javascript in all rows of the database in the hopes that they will be presented to users of the site.
Your objective is to use an SQL injection flaw to execute a reflected cross-site scripting attack.
PARAMETERS:
Query Type - SELECT query
Injection Type - String value in WHERE clause
Method - POST
Sanitization - None
Output - One row, verbose error messages, query not shown