Select * from Shop where Item = $item order by ProductNum desc
I found this vulnerability within a website. To test if there are any vulnerabilities, I inserted a single quotation mark after
itemshop_secure.php?section=
And I stumbled upon this error message:
Error Query [SELECT * FROM Shop Where Item = '\' order by ProductNum desc]
Every single quote is converted to "\" and every double quotation mark is converted to " \" ".
I also tried terminating it using ";" and injected it with this query:
SELECT * FROM Shop
But it just returned the same error:
Error Query [SELECT * FROM Shop Where Item = 'SELECT * FROM Shop ' order by ProductNum desc]
Is there any possibility that I could inject my own SQL query? PS: I tried ";" alone and it didn't show any error, unlike " ' ".
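
From the maintainer's side, the error output quoted in the post shows two weaknesses: the parameter is escaped and spliced into the SQL text, and the failed query is echoed back to the visitor. The following is an added example, not code from the site or from the post, showing the same lookup with a bound parameter and a generic error message. It assumes PDO with an in-memory SQLite database; the schema, the sample rows and the helper name `findItems` are constructed for illustration.

```php
<?php
// Added example: constructed schema and data, not the site's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Shop (ProductNum INTEGER PRIMARY KEY, Item TEXT)');
$pdo->exec("INSERT INTO Shop (ProductNum, Item) VALUES (1, 'sword'), (2, 'sword'), (3, 'shield')");

/**
 * Hypothetical helper: look up shop rows for the value of ?section=.
 * The value is bound as a parameter, so quotes and semicolons stay plain data.
 */
function findItems(PDO $pdo, string $item): array
{
    try {
        $stmt = $pdo->prepare(
            'SELECT ProductNum, Item FROM Shop WHERE Item = :item ORDER BY ProductNum DESC'
        );
        $stmt->execute([':item' => $item]);
        return ['ok' => true, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        // Keep the SQL text and driver message in the server log only.
        error_log('Shop query failed: ' . $e->getMessage());
        return ['ok' => false, 'rows' => [], 'message' => 'Unable to load items.'];
    }
}

// Constructed inputs, including the values tried in the post.
$inputs = ['sword', "'", '"', ';', 'SELECT * FROM Shop'];
foreach ($inputs as $input) {
    $result = findItems($pdo, $input);
    printf(
        "%-22s ok=%s rows=%d\n",
        var_export($input, true),
        $result['ok'] ? 'yes' : 'no',
        count($result['rows'])
    );
}
```

With binding, no input changes the statement's structure, and a failure never returns the query text to the client.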