[1/5]  Task 1: Basic SQL

Task Description



Imagine there are at least two tables in the database, "xss_userbasic" and "xss_userdetail". Below, you have an input box where you can enter a user id to retrieve the user's name from the "xss_userbasic" table.

Let's suppose we have some initial knowledge that the admin's id is 110, and Alice's id is 0. The "xss_userdetail" table contains user-specific details, including fields like "email", "password", etc., alongside the user's "id" field.

Now, consider your friend Mallory, whose information is also in this database, and you're interested in uncovering Mallory's password (and others).

Task Objective

Exploit SQL Injection to reveal the password database, i.e., use the query box below to show the passwords of all users in the database.

Your Target

Target code

Hints

  1. Review the Python code to see how the application uses user input in the SQL statement.
  2. Can we put something different in the query?
  3. Alright, one last hint: use "UNION"
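
The pattern hint 1 asks you to look for, shown as an added example that is not the lab's target code: a lookup that concatenates the id into the SQL text, next to one that validates the id and binds it as a parameter. The `name` column, the function names and Mallory's id are assumptions, and the sample rows are constructed.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows.

    Only the table name and the ids 110 (admin) and 0 (Alice) come from the
    task text; the `name` column and Mallory's id are assumptions.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE xss_userbasic (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO xss_userbasic (id, name) VALUES (?, ?)",
        [(0, "Alice"), (7, "Mallory"), (110, "admin")],
    )
    return db


def lookup_concat(db, user_id):
    """Vulnerable pattern: the input becomes part of the SQL text.

    Whatever the user typed is parsed as SQL, so it can change the shape of
    the query instead of only supplying a value.
    """
    sql = "SELECT name FROM xss_userbasic WHERE id = " + user_id
    return [row[0] for row in db.execute(sql)]


def lookup_param(db, user_id):
    """Hardened pattern: validate the type, then bind the value.

    The SQL text is a constant; the id travels separately as a bound
    parameter and can never be interpreted as SQL syntax.
    """
    try:
        uid = int(user_id)
    except ValueError:
        return []  # not an integer id: reject before touching the database
    rows = db.execute("SELECT name FROM xss_userbasic WHERE id = ?", (uid,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    probe = "0 OR 1=1"  # constructed input that is not a plain id
    print("concat:", lookup_concat(db, probe))
    print("param: ", lookup_param(db, probe))
```

With the bound version, the query text is fixed before any input arrives, which is why the fix is to change how the statement is built rather than to filter keywords out of the input.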
