help on SQLi level 1?

SQLi 1

jasonmonag
6 years ago

0

I’m not sure if this is a spoiler because I don’t really know how close I am to being correct.

I started out by just entering “x'” into the username field and it returned the following syntax error:
SELECT * FROM users WHERE username = 'x'' AND password = ''
I was pretty happy with that almost immediately returning the names of the 'users' list and the 'username' and 'password' values, and thought it was easy from there, but my solution wasn’t working. I tried entering the following:
x';UPDATE users SET username = 'x', password = 'x';
I realized that this might not work because I didn’t know what to use for the WHERE condition. Sorry, I’m relatively new to this stuff, and was wondering if I just need to find a way to update all username/password values instead of using a condition, or if I need to do something else completely with my code. Also, if there is a way to update the username/password values for all accounts, something like this
x';UPDATE users SET username = 'x', password = 'x' WHERE username = *;
please let me know how. I’m sorry I’m not well versed in SQL and am just trying to get more into it.
Thank you! Any help is appreciated.

jasonmonag
6 years ago

0

I also tried using
WHERE username = 'admin
but that didn’t work either, will keep attempting

jasonmonag
6 years ago

0

also tried using

x';UPDATE users SET username = 'x', password = 'x' WHERE username LIKE 'a%

which also did not work

jayreap
6 years ago

0

You’re pretty close, just think about what you have to inject to get through.
This might help you https://www.w3schools.com/sql/sql_injection.asp ;)

jasonmonag
6 years ago

0

I was actually open to that link as I saw your reply, I’m still not sure what I’m missing but I’ll keep attempting for now.

jasonmonag
6 years ago

0

Just got it, way simpler than I thought haha, still confused as to why my original solution was not working?

Smyler [WHGhost]
6 years ago

0

It’s probably that the database is unique, and so accessed read only.

Dannydeleto [dannydeleto]
6 years ago | edited 6 years ago

0

You got this backend code from the server:
SELECT * FROM users WHERE username = 'x'' AND password = ''

So you did this if you entered it into the password slot and x in the username slot:
SELECT * FROM users WHERE username = 'x' AND password = 'x';UPDATE users SET username = 'x', password = 'x';'
Note the extra ' on the end, which breaks the injection.

It would have been there with your second solution as well. You could try null byte poisoning to get rid of it, although I think the level is looking for a particular solution.
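
The trailing quote described in the reply above, reproduced as an added example that is not part of any post in this thread and is not the level's real backend code. It assumes the server builds the query by string concatenation (which the quoted error message suggests) and uses an in-memory SQLite table with constructed sample data, then shows the same inputs handled by a parameterized query.

```python
import sqlite3

# Constructed sample table; the schema and the row are assumptions. Only the
# table and column names come from the error message quoted in the thread.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def build_query(username, password):
    # Vulnerable pattern: input is pasted between the quotes of the SQL text.
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concat(conn, username, password):
    # Returns (rows, error_name); a query that no longer parses shows up as an error.
    try:
        return conn.execute(build_query(username, password)).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return [], type(exc).__name__

def login_param(conn, username, password):
    # Hardened form: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    try:
        return conn.execute(sql, (username, password)).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return [], type(exc).__name__

# Inputs taken from the thread.
QUOTE_INPUT = "x'"
STACKED_INPUT = "x';UPDATE users SET username = 'x', password = 'x';"

if __name__ == "__main__":
    conn = make_db()
    print(build_query(QUOTE_INPUT, ""))      # the query from the error message
    print(build_query("x", STACKED_INPUT))   # ends in ;' (the leftover quote)
    for name, pw in [(QUOTE_INPUT, ""), ("x", STACKED_INPUT),
                     ("alice", "correct horse")]:
        print("concat:", login_concat(conn, name, pw),
              "| param:", login_param(conn, name, pw))
    print(conn.execute("SELECT * FROM users").fetchall())  # table unchanged
```

Python's sqlite3 module also refuses to run more than one statement per `execute()` call, so the concatenated form fails on the second input for that reason as well; the parameterized form returns no rows and no error for both.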

jasonmonag
6 years ago

0

Thank you, the help is much appreciated :) .
