Introduction In this blog post, I will delve into a fascinating SQL Injection case that unfolded during a Black-box Web Penetration Test conducted for a university institution. The journey began with directory enumeration in the web application, leading me to stumble upon a portal page tucked away in the ‘/cms’ directory. Curiosity piqued, I decided […]