[Sony] SQL Injection Through User-Agent Header

We discussed this vulnerability during Episode 91 on 18 October 2021

The fundamental issue is as basic as it gets, one of the first attacks many budding hackers learn is ' or 1=1 in a login page. Well this was a SQLi in the username of a login form, taken a little further by enabling xp_cmdshell and gaining code execution. While its not an unheard of attack, it is uncommon to see SQL injection be so directly leveraged for RCE these days.