Completely Stumped

It seems that you just don’t know how to exploit a SQL vulnerability manually
If you had known how to do so, you’ll know that there is a main thing to do after you found a SQLi possibility
Check some tutorial on google, they are so many!
Good luck ;)

I’ve exploited manually before, using OWASP bricks project tutorials. This is a different beast though. I updated the OP with the progress I’ve made. Any ideas Mugiwara27?

Look at the whole query that you get when you use your first injection. The 1=1 evaluates to true, but you are still left with the LIKE ‘r’. That’s why you don’t get anything, there is no username that consist of only a single ‘r’.

As for the second injection, it doesn’t work because those functions are not available for this server. There are multiple types of server and all have different functions (and syntax). It’s a good start, though. Keep playing around.

Ah, I see. So it’s no longer looking for usernames starting with r it’s now only look for r. I appreciate the affirmation that I’m going in the right direction, so if those functions aren’t available, is there any function that I could use to find out the server type so I know what type of server is running? Or do I just have to keep guessing?

Google can be a great help, but you don’t really need any special functions.

OK, I’ve been googling the crap out of it and nothing so far. I’ve tried .version, version, version() and the same variations for help. Guess I’ll keep plugging away unless you think there’s a different function I should try.

EDIT:

Just discovered the database version and got a version function to work! Now to find how to dump all the contents…

So I’ve made it a bit further, but nothing on google has helped me. I can now get information from the table ‘members’ using this query:

UNION ALL SELECT sql,2 FROM sqlite_master WHERE name=‘members’ –
shows columns ‘username’ ‘password’ and ‘admin’

But I cannot for the life of me figure out what I need to add to list any of the columns. I don’t have any experience with sqlite databases, so if someone could give me even just an article that has the information I need I’d really appreciate it.

You seem to be overcomplicating it. There is no need to know anything about sqlite. All you need is (very) basic SQL.

Really? Well I know I need the >> UNION SELECT query, and that I need to specify where I’m getting the data from, how do I get the data from the columns then?

EDIT
OK I managed to dump the username and password columns. the admin table just dumps a bunch of zeroes though. Any hints for finding the admin account?

EDIT Never mind. I’m about to solve it :)