Sqlite3

Dojo #6

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect
'##::: ##::'#######:::'######:::'#######::'##::::'##:'##::::'##:'########:'##::: ##:'########::'######::
 ###:: ##:'##.... ##:'##... ##:'##.... ##: ###::'###: ###::'###: ##.....:: ###:: ##:... ##..::'##... ##:
 ####: ##: ##:::: ##: ##:::..:: ##:::: ##: ####'####: ####'####: ##::::::: ####: ##:::: ##:::: ##:::..::
 ## ## ##: ##:::: ##: ##::::::: ##:::: ##: ## ### ##: ## ### ##: ######::: ## ## ##:::: ##::::. ######::
 ##. ####: ##:::: ##: ##::::::: ##:::: ##: ##. #: ##: ##. #: ##: ##...:::: ##. ####:::: ##:::::..... ##:
 ##:. ###: ##:::: ##: ##::: ##: ##:::: ##: ##:.:: ##: ##:.:: ##: ##::::::: ##:. ###:::: ##::::'##::: ##:
 ##::. ##:. #######::. ######::. #######:: ##:::: ##: ##:::: ##: ########: ##::. ##:::: ##::::. ######::
..::::..:::.......::::......::::.......:::..:::::..::..:::::..::........::..::::..:::::..::::::......:::

The admin password had leaked, everybody is puzzled as they thought this SQlite Database inputs were properly sanitized. Later we had a contact with the Hacker responsible for the breach so we asked him how he had been able to pull this password He replied:

"NO COMMENTS, NO PROBLEMS"

Will you be 197 enough to build a working injection to recover the admin password from the users table?

Goal:

  • Get the password of the user named admin
  • Single Query (not blind)

Hints

Hint #1
expand_more

Hint #1


CREATE TABLE `users` (
  `id` integer PRIMARY KEY,
  `username` text,
  `email` text,
  `password` text,
  `role` text
);
drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result