⌘Ctrlk

Writeups
- Easy Machines
- Walkthroughs: Easy
  CC: Steganography
  Cryptography for Dummies
  Cross-site Scripting
  SQL Injection Lab
  SQL Injection
  ZTH: Web 2
  SSRF
  XXE
  Authenticate
  Injection
  Blaster
  The Cod Caper
  Hardening Basics Part 1
  What the Shell?
  Game Zone
  Upload Vulnerabilities
  Bolt
  Erit Securus 1
  CC: Pentesting
  JavaScript Basics
  OverPass 2 - Hacked
  Linux: Local Enumeration
  Ice
  Linux Backdoors
  Avengers Blog
  DNS in Detail
  Putting it all together
  Kenobi
  Common Linux Privesc
  Network Services 2
  Network Services
  The Hacker Methodology
  The Find command
  HTTP in Detail
  Web Fundamentals
  How Websites Work
  Introductory Networking
- Challenges (CTF): Easy
- 1 Difficulty Rating

Powered by GitBook

TryHackMe
Walkthroughs: Easy

SQL Injection Lab

Introduction

Introduction to SQL Injection: Part 1

Lets check the webpage

Challenge 1

Lets click on the first challenge

Lets use 1 or 1=1-- as the ProfileID and pass as the Password

Lets hit login

We have the flag, lets go to the second challenge

Challenge 2

This form only accepts strings, so lets use strings 1' or '1'='1'-- - in the username and pass in the password.

We have the flag, lets go to the next challenge

Challenge 3

The login form is being checked, so exploit the URL and we can do that by going to this URL (add it in the end of the current URL)

Now lets go to this URL

We have the flag, lets go to the next challenge

Challenge 4

Lets use burp to capture the login request with random credentials

Now lets change the profileID parameter.

Now lets forward the request

We have the flag.

Introduction to SQL Injection: Part 2

Lets check the webpage

Lets login with the given credentials

Lets go to the Edit Profile page

Lets use this sql query to exploit this form

Lets click Change

We have the flag

PreviousCross-site Scripting NextSQL Injection

Last updated 4 years ago

Introduction
Introduction to SQL Injection: Part 1
Challenge 1
Challenge 2
Challenge 3
Challenge 4
Introduction to SQL Injection: Part 2

login?profileID=-1' or 1=1-- -&password=a

',nickName=(SELECT group_concat(id || "," || author|| "," || secret|| ":") from secrets),email='