Home 00 - Appointment
Post
Cancel

00 - Appointment

Posted Aug 20, 2022
By impulsado
1 min read

Intro

| Dificulty | OS | Start Date | End Date | |—|—|—|—| | Very Easy | Linux | 10/05/2022 | 10/05/2022 |

Thought process

  1. View running services with nmap.
  2. Check if there were subdirectories with the dirbust.
  3. Since it was a LogIn, see if SQL Injection can be done.

Resolution

To Login a Web is just a SELECT to the database, but if in the username you write admin’– the rest of the query is commented out and does not look for a password. SQL Injection.

Normal Login Query

1

SELECT * FROM users WHERE name='admin' and password='123456aA'

Query with SQL Injection

1

SELECT * FROM members WHERE username = 'admin'--' AND password = '123456aA'

Links

SQL Injection Cheat Sheet

Writeups, HTB, Very_Easy, Appointment
SQL_Injection
This post is licensed under CC BY 4.0 by the author.
Recently Updated