https://craizy.dev/techniques/sql-injection/ Recent content in SQL Injection on crAIzy.dev https://craizy.dev/img/htb-default.png https://craizy.dev/ Hugo en Tue, 28 Apr 2026 15:20:00 +0300 https://craizy.dev/writeups/sequel/ Tue, 28 Apr 2026 15:20:00 +0300 crAIzysql-injection https://craizy.dev/writeups/sequel/ MariaDB root with no password on port 3306 — from initial banner grab to database enumeration to flag extraction, no exploit required. https://craizy.dev/writeups/appointment/ Tue, 28 Apr 2026 14:30:00 +0300 crAIzysql-injectiondirectory-busting https://craizy.dev/writeups/appointment/ SQL injection in a login form — `' OR '1'='1` as username turns authentication into a formality and exposes the flag in one request.