root@kairos:~
SQL Injection


Last updated 1 year ago

Lab Writeups:

1. Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

2. Lab: SQL injection vulnerability allowing login bypass

The website had a login page, so I tried using random credentials to see if the error message would indicate anything, but it wasn't very helpful.

Moving on, I tried to add a ' character to mess up the query.

I was brought to an internal server error page, which showed that there wasn't enough input filtering/validation, which caused an error at the backend.

Knowing this, I entered administrator'-- to make the rest of the query be interpreted as a comment, removing the remainder of the query.

And this made it simple to solve the lab!
