Sqlite3

Dojo #16


Blind SQL Injection hardstuck in the LIMIT statement - DOJO #16 (Until 01/04/2022)

Submit your solution HERE for a chance to win an exclusive swag pack! :D

Description

This code runs a SQL statement that collects some data from the table users, with a LIMIT statement that is controlled by user input.

What can go wrong ?! :)

...

Most of the time, when you're able to inject a value inside the LIMIT statement, the backend code checks that the user input is an (int) type. Ex: (int) LIMIT = $nr. This makes it a lot harder to exploit.

Does this code really filter the user input to (int) type values? ;)
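
An added example (not the challenge's code): the same kind of LIMIT query built by string concatenation, next to a version that accepts only a strictly validated integer and passes it as a bound parameter. The table layout, sample rows, function names and the MAX_LIMIT bound are assumptions made for illustration.

```python
import sqlite3

MAX_LIMIT = 100  # assumed upper bound for the page size


def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany(
        "INSERT INTO users (id, username) VALUES (?, ?)",
        [(1, "admin"), (2, "alice"), (3, "bob")],
    )
    return db


def list_users_concat(db, nr):
    """Weak form: the raw input becomes part of the SQL text."""
    sql = "SELECT id, username FROM users ORDER BY id LIMIT " + nr
    return db.execute(sql).fetchall()


def parse_limit(nr):
    """Accept only 1..MAX_LIMIT written in plain ASCII digits."""
    if not isinstance(nr, str) or not nr.isascii() or not nr.isdigit():
        raise ValueError("limit must be a positive integer")
    value = int(nr)
    if not 1 <= value <= MAX_LIMIT:
        raise ValueError("limit out of range")
    return value


def list_users_bound(db, nr):
    """Hardened form: validated integer, passed as a bound parameter."""
    sql = "SELECT id, username FROM users ORDER BY id LIMIT ?"
    return db.execute(sql, (parse_limit(nr),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    sample = "1 OFFSET 1"  # constructed input: not an integer
    print(list_users_concat(db, sample))  # the input changed the query shape
    try:
        list_users_bound(db, sample)
    except ValueError as err:
        print("rejected:", err)
```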

Hint

  • Space is almost never needed when you've got a keyboard full of special chars anyway. You will be surprised how much you can do with the "limitation" you're facing. Be creative, you're a hacker, aren't you?

Use this when you're stuck!

- -Help - -Execute

Goal

  • Get the password from the admin user who has the id = 1

Rules

  • BruteForce is NOT allowed.