Sql Injection Method
This page involves utilizing a SQL Injection Attack. If you have observed the source code you have noticed that which leads us to a page “update.php”. Many of the sites are still unprotected. One can easily access the admin panel using this trick
|<a href=”update.php”><font color=”#000000″>update</font></a>|
So we’ve headed to http://www.hackthissite.org/missions/realistic/2/update.php and there we found an admin panel. But it seems to be unprotected due to SQL injection.
|username : ‘ OR ‘a’=’a
password : ‘ OR ‘a’=’a
And you have got access to a panel which has enough privilege to update the thing!!