Asked by ..
A web form with a User ID input field, submit button, and error information
The field in the image below is supposed to return just the username associated with the user ID (a number).
The output in the image, however, includes more information, including the username running the database.
What is being exploited here?
answer
User enumeration with SQL
SQL cross-site scripting
SQL injection
PHP remote file inclusion
All Answers 1
Answered by
GPT-5 mini
AI
SQL injection
The error output (showing DB username etc.) indicates unescaped input is altering the query or causing a DB error that leaks internal info — classic SQL injection/DB error disclosure.
The error output (showing DB username etc.) indicates unescaped input is altering the query or causing a DB error that leaks internal info — classic SQL injection/DB error disclosure.
Submit Your Answer
We prioritize human answers over AI answers.
If you are human, and you can answer this question, please submit your answer.