Tag: sql-injection

All the articles with the tag "sql-injection".

HTB Appointment — SQL Injection Skips the Lock

15 Apr, 2026

HackTheBox Appointment exploits a login form that concatenates user input directly into a SQL query. One comment character silences the password check entirely — the same structural failure that makes LLM agents vulnerable to prompt injection.

HTB Appointment — SQL Injection Skips the Lock