SQL Injection with 2 Parameters in LAN
I use cable broadband and my ISP uses a captive portal to authenticate users. I was just examining the login page and saw that it uses a PHP file to verify the user,
like /user_check.php?user_id=id&pass=pass. I tried to access this PHP file directly by providing my ID and pass manually; the result was:
"SELECT * FROM login_master WHERE login_id = '694'pass -12341"
I tried using SQL injection here but it doesn't seem to work. The pass is always appended with a '-' sign and ends with 1.
I know it is an Apache web server, the database is MySQL and the OS is CentOS.
How should I proceed next?
Thanks in advance.