Sqlite3

First exfiltration

by YesWeHack

drag_indicator

info

drag_indicator

inputs

drag_indicator

inspect

Time to recover some data

Bypassing a password check is nice, but being able to read arbitrary data is better.

Try to get the admin password.

Goal: recover the admin password

Hints

Hint #1

expand_more

UNION can be used to combine the results from different queries.

Solution

Read the solution

expand_more

$email =

'AND 0 UNION SELECT `username`, `password` FROM `users` WHERE `username` LIKE 'admin

Explanation

Using UNION we can merge the original query with our. Since both queries will be merged they need to have the same amount of columns. Here we ask for the username and password of all users where the username starts with 'admin'.

Adding AND 0 on the first query prevent any result, leaving us only with the results from our query.

drag_indicator

waf

INPUT

OUTPUT

drag_indicator

code

drag_indicator

result