hi, this one is a simple writeup for MHL Labs called Food Store, which is a lab designed to learn how sqli can also happen in android app
first, i decompiled the apk to understand the logic behind it using jadx

i focused on understanding the signup activity because the challenge instruction said so
i found another class that handles the database logic: dbhelper

in dbhelper, i saw the query that runs when a user submits the signup form
after that, i tried to manipulate the query by injecting payload into the username field to set ispro to 1. the payload i used was
hacker', 'password123', 'testing', 1); --
the user was created successfully
but when i tried to log in with those credentials (hacker:password123), the app crashed

that meant i missed something. i checked dbhelper again and found that the password and address fields are encoded before being sent to the database
this means my first payload bypassed the encoding logic and stored the values as plaintext, which caused an error during login
so i changed my payload to include base64-encoded values for the password and address fields

my payload now is like this
hackertest123', 'cGFzc3dvcmQxMjM=', 'cGFzc3dvcmQxMjM=', 1); --
and i try to signup one more time

and signup success
after that i try to log in with
hackertest123:password123
and i successfully logged in as a pro user
done