SQL Injection Lab
Let's check the webpage.
Let's click on the first challenge.
Let's use `1 or 1=1--` as the ProfileID and `pass` as the Password.
Let's hit login.
We have the flag, let's go to the second challenge.
This form only accepts strings, so let's use the string `1' or '1'='1'-- -` in the username and `pass` in the password.
We have the flag, let's go to the next challenge.
The login form's input is being checked, so we exploit the URL instead. We can do that by going to this URL (add it to the end of the current URL)
Now let's go to this URL.
We have the flag, let's go to the next challenge.
Let's use Burp to capture the login request with random credentials.
Now let's change the profileID parameter.
Now let's forward the request.
We have the flag.
Let's check the webpage.
Let's log in with the given credentials.
Let's go to the Edit Profile page.
Let's use this SQL query to exploit this form
Let's click Change.
We have the flag.
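
Why the inputs from the first two challenges bypass the login, and what stops them: this is an added example, not the lab's code or part of the original writeup. The table schema, function names and sample rows are assumptions constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are assumptions, not the lab's.
    # Plaintext passwords only keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (profileID INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(10, "alice", "s3cret-a"), (11, "bob", "s3cret-b")])
    return db

def login_int_vulnerable(db, profile_id, password):
    # Input is pasted into the SQL text, so it can change the query's structure:
    # "1 or 1=1--" makes the WHERE clause always true and comments out the rest.
    sql = f"SELECT username FROM users WHERE profileID={profile_id} AND password='{password}'"
    return db.execute(sql).fetchone()

def login_str_vulnerable(db, username, password):
    # Same flaw in a quoted context: the input's own quote closes the string literal.
    sql = f"SELECT username FROM users WHERE username='{username}' AND password='{password}'"
    return db.execute(sql).fetchone()

def login_int_safe(db, profile_id, password):
    # Validate the type first, then bind values as parameters (data, never SQL text).
    try:
        pid = int(profile_id)
    except (TypeError, ValueError):
        return None
    sql = "SELECT username FROM users WHERE profileID=? AND password=?"
    return db.execute(sql, (pid, password)).fetchone()

def login_str_safe(db, username, password):
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    for label, fn, ident in [
        ("int, concatenated", login_int_vulnerable, "1 or 1=1--"),
        ("int, parameterized", login_int_safe, "1 or 1=1--"),
        ("str, concatenated", login_str_vulnerable, "1' or '1'='1'-- -"),
        ("str, parameterized", login_str_safe, "1' or '1'='1'-- -"),
    ]:
        print(f"{label:20} -> {fn(db, ident, 'pass')}")
```
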