Project 8x: Exploit Hackazon (20 pts.)

What You Need


To practice exploiting a SQL injection.

Opening the Hackazon Page

In a Web browser, open this page:

Click any product. Then add an apostrophe to the end of the URL, so you see a SQL error message, as shown below.

Find the Admin Password Hash

Use any technique you like to exploit the server and find the admin's password hash, as shown below.

If you don't know how to start, see the References at the bottom of this page.

Turning In Your Project

Email the images to with a subject of "Project 8x from YOUR NAME".


Automated Audit using SQLMap

Last modified 2-24-18