SQL injection (SQLi) is an injection-based web vulnerability that allows an attacker to perform malicious actions against a database by manipulating the SQL queries a web application sends to its backend database. Successful exploitation could allow an attacker to obtain sensitive or private data held by the organization and, in severe cases, take full control of or completely compromise the organization's data.
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
[Information]
[Problem solving]
1. I accessed the Lab server.
I selected the "Accessories" category. There were three products in it.
2. I sent the request with the parameter "Accessories' or 1=1--". The ' closes the category string, the phrase or 1=1 makes the condition always true, and -- comments out the rest of the query. All accessories, including hidden ones, appeared on the screen because the condition limiting the results to released accessories was commented out and no longer applied.
These are the SQL comment syntaxes by database type.
Type | MySQL | Oracle | MSSQL | MariaDB | Sybase IQ | Sybase ASE | DB2 |
---|---|---|---|---|---|---|---|
Single-line comment | # | -- | -- | --, # | --, //, % | -- | -- |
Multi-line comment | /* content */ | /* content */ | /* content */ | /* content */ | /* content */ | /* content */ | /* content */ |
Lab: SQL injection vulnerability allowing login bypass
[Information]
[Problem solving]
1. I accessed the Lab server.
Then I clicked on the "My account" hyperlink. There was a login form.
2. I entered the string "administrator'--" in the Username input and "any text" in the Password input. I could log in as the administrator user by typing "administrator" as the user name, closing the string with ' and commenting out the password part.