SQL Injection Lab

Introduction

Introduction to SQL Injection: Part 1

Lets check the webpage

Challenge 1

Lets click on the first challenge

Lets use 1 or 1=1-- as the ProfileID and pass as the Password

Lets hit login

We have the flag, lets go to the second challenge

Challenge 2

This form only accepts strings, so lets use strings 1' or '1'='1'-- - in the username and pass in the password.

We have the flag, lets go to the next challenge

Challenge 3

The login form is being checked, so exploit the URL and we can do that by going to this URL (add it in the end of the current URL)

Now lets go to this URL

We have the flag, lets go to the next challenge

Challenge 4

Lets use burp to capture the login request with random credentials

Now lets change the profileID parameter.

Now lets forward the request

We have the flag.

Introduction to SQL Injection: Part 2

Lets check the webpage

Lets login with the given credentials

Lets go to the Edit Profile page

Lets use this sql query to exploit this form

Lets click Change

We have the flag