Sqlite3

Dojo #19

drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

The not so limited blind SQL injection - DOJO #19 (Until 01/12/2022)

Hint

~ Sometimes the selected column quantity does not limit the injection output!

psssst The password is in a FLAG{} format!

- -Help

GOAL

BRUTE FORCE IS NOT ALLOWED!

The valid solution for the SQL injection must meet these requirements:

  • Be able to extract the email and password for the user admin.
  • The SQL injection should output the data to the screen! ;)

Example output:

Email: AdminName@yeswehack.com Password: FLAG{_Pa$$w0rd123_}


Story time

Developer Jeff rushed to make an SQL statement before the Friday beer! He left the office early and forgot that the newly written SQL code was public. This will be more than just a bad hangover for Jeff!

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result