During a recent application penetration test, I came across what proved to be an interesting SQL Injection (SQLi) vulnerability. This case of SQLi was interesting for a couple reasons:
- The challenges that it presented during exploitation
- The Database Management System (DBMS) that was in use.
Below, I’ll walk you through the hurdles that I encountered and how I overcame them to lead to full data extraction.