SQLol - Challenge 2 - The Failure of Quote Filters
Many people sanitize or remove single quotes in their Web applications to prevent SQL injection attacks. While this can be effective against injection into string parameters, it is ineffective at preventing injection into parameters which are not quote delimited, like integers or datetime values. This places restrictions on how your injection string can be written, but does not present much of an obstacle to an attacker.
Your objective is to find the table of social security numbers present in the database and extract its information.
PARAMETERS:
Query Type - SELECT query
Injection Type - Integer value in WHERE clause
Method - GET
Sanitization - Single quotes removed
Output - All results, verbose error messages, query shown