Sqlite3

Injection in INSERT

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Inserting payloads

Sometimes the injection can occur in an INSERT statement.

Goal: recover the admin password.

Hints

Hint #1
expand_more

Can you set enabled to something else ?

Hint #2
expand_more

Have you heard of nested queries ?

Solution

Read the solution
expand_more

$mail = ', (SELECT password FROM users WHERE username = 'admin')) --

Explanation

Using nested queries you can SELECT information from the database during an INSERT statement.

note: The columns types in SQLite are not enforced.

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result