
Thursday, January 19, 2012

Solution to Hackthissite realistic mission 2

In this mission we have to stop the meeting of a racist group by getting into their website and posting some ill things about the meeting.

You get your first hint from the page source or, alternatively, by pressing Ctrl+A (select all). You see a hidden link "update" at the bottom of the page, which takes you to the login page. On this page you have to use SQL injection to get into the database. When user input is not properly filtered on a website, we can run queries on the server from a client input element by using the proper syntax. For more information visit Here.

How did we deduce that we had to use SQL injection? Simple: when we enter a single quotation mark (') in the form abc' in the email field, we get an SQL error. This means that ' is not filtered properly: the query on the server side treats it as the terminating ', leaving an extra ' which causes the syntax error.

Example

select xyz from def where qwe='$q';

When we enter abc' we get something of the form

select xyz from def where qwe='abc'';

which gives the error.

Utilizing the above concept, we devise a condition that is always true (1=1) and append it to the server-side query. The -- indicates the start of an SQL comment, so the remainder of the original query is ignored.

Solution - In the email field enter ' or 1=1 ;-- and press submit.
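The weak query construction described above, beside its parameterized fix, as an added example that is not part of the original post. It assumes an in-memory SQLite database with constructed rows; the table and column names are taken from the placeholder query above, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names copy the page's placeholder query.
    db = sqlite3.connect(":memory:")
    db.execute("create table def (xyz text, qwe text)")
    db.executemany("insert into def values (?, ?)", [
        ("row-1", "alice@example.com"),
        ("row-2", "bob@example.com"),
    ])
    return db

def lookup_concat(db, q):
    # Weak form: q is pasted into the SQL text, so a ' in q closes the string literal.
    sql = "select xyz from def where qwe='" + q + "';"
    return [r[0] for r in db.execute(sql)]

def lookup_param(db, q):
    # Corrected form: q is bound as a value and is never parsed as SQL.
    return [r[0] for r in db.execute("select xyz from def where qwe=?", (q,))]

def outcome(fn, db, q):
    # Return the rows, or the error class name if the database rejects the statement.
    try:
        return fn(db, q)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # The three inputs discussed on this page: a normal value, abc', and the 1=1 string.
    for q in ["alice@example.com", "abc'", "' or 1=1 ;--"]:
        print(repr(q), "concat:", outcome(lookup_concat, db, q),
              "| param:", outcome(lookup_param, db, q))
```

With the bound parameter, both abc' and the 1=1 string are compared as literal email values and match no row, so neither the syntax error nor the always-true condition occurs.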
