📓
Pentesting
  • Writeups
  • HackTheBox
    • Easy Machines
      • Beep Writeup
      • Shocker Writeup
      • Lame Writeup
      • Jerry Writeup
      • Legacy Writeup
      • Blue Writeup
  • TryHackMe
    • Walkthroughs: Easy
      • CC: Steganography
      • Cryptography for Dummies
      • Cross-site Scripting
      • SQL Injection Lab
      • SQL Injection
      • ZTH: Web 2
      • SSRF
      • XXE
      • Authenticate
      • Injection
      • Blaster
      • The Cod Caper
      • Hardening Basics Part 1
      • What the Shell?
      • Game Zone
      • Upload Vulnerabilities
      • Bolt
      • Erit Securus 1
      • CC: Pentesting
      • JavaScript Basics
      • OverPass 2 - Hacked
      • Linux: Local Enumeration
      • Ice
      • Linux Backdoors
      • Avengers Blog
      • DNS in Detail
      • Putting it all together
      • Kenobi
      • Common Linux Privesc
      • Network Services 2
      • Network Services
      • The Hacker Methodology
      • The Find command
      • HTTP in Detail
      • Web Fundamentals
      • How Websites Work
      • Introductory Networking
    • Challenges (CTF): Easy
      • VulNet: Roasted
      • VulNet: Internal
      • Git Happens
      • Kiba
      • VulNet: Node
      • Memory Forensics
      • Smag Grotto
      • Investigating Windows
      • Cat Pictures
      • Juicy Details
      • Anthem
      • Tony The Tiger
      • Jack-of-All-Trades
      • JPGChat
      • Blueprint
      • All in One
      • Gotta Catch'em All
      • Mustacchio
      • Break Out The Cage
      • HeartBleed
      • Poster
      • Madness
      • Source
      • Thompson
      • Library
      • Magician
      • Anonforce
      • Dav
      • GLITCH
      • Fowsniff CTF
      • Team
      • H4cked
      • Easy Peasy
      • ColddBox: Easy
      • Archangel
      • Cyborg
      • Chocolate Factory
      • Brute It
      • Year of the Rabbit
      • ChillHack
      • Gaming Server
      • Brooklyn Nine Nine
      • Wgel CTF
      • Tomghost
      • ToolsRus
      • Skynet
      • Startup
      • Agent Sudo
      • Lian-Yu
      • OhSINT
      • Overpass
      • Crack The Hash
      • Ignite
      • Inclusion
      • Bounty Hunter
      • LazyAdmin
      • RootMe
      • Pickle Rick
      • Basic Pentesting
      • Simple CTF
  • Crackmes.one
    • 1 Difficulty Rating
      • easyAF
      • Easy Keyg3nme
Powered by GitBook
On this page
  • Introduction
  • Introduction to SQL Injection: Part 1
  • Challenge 1
  • Challenge 2
  • Challenge 3
  • Challenge 4
  • Introduction to SQL Injection: Part 2

Was this helpful?

  1. TryHackMe
  2. Walkthroughs: Easy

SQL Injection Lab

PreviousCross-site ScriptingNextSQL Injection

Last updated 3 years ago

Was this helpful?

Introduction

Introduction to SQL Injection: Part 1

Lets check the webpage

Challenge 1

Lets click on the first challenge

Lets use 1 or 1=1-- as the ProfileID and pass as the Password

Lets hit login

We have the flag, lets go to the second challenge

Challenge 2

This form only accepts strings, so lets use strings 1' or '1'='1'-- - in the username and pass in the password.

We have the flag, lets go to the next challenge

Challenge 3

The login form is being checked, so exploit the URL and we can do that by going to this URL (add it in the end of the current URL)

login?profileID=-1' or 1=1-- -&password=a

Now lets go to this URL

We have the flag, lets go to the next challenge

Challenge 4

Lets use burp to capture the login request with random credentials

Now lets change the profileID parameter.

Now lets forward the request

We have the flag.

Introduction to SQL Injection: Part 2

Lets check the webpage

Lets login with the given credentials

Lets go to the Edit Profile page

Lets use this sql query to exploit this form

',nickName=(SELECT group_concat(id || "," || author|| "," || secret|| ":") from secrets),email='

Lets click Change

We have the flag