This is my CTF Writeup Part 2. Please see Part 1 here.
I moved on to SQL Injection and decided to attempt it to get access to the web application database. The page displayed an option to enter a User ID and get the details of that user.
My first input was 1, and it displayed the first name and surname of the logged in user account.
Check for any SQL error by giving some invalid value or characters. This way, we can try to manipulate the SQL query processing. The input here was 1'.
In order to find out the number of columns in the database table where user details are stored, I gave the following query as input.
In the above query, UNION is used to join a forged query to the original query. The -- or # is used to comment out the rest of the original query that follows the forged query. But when I tried the same query with one more column (1, 2, 3), the database responded with the below error, clearly indicating that there are only two columns.
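The behaviour described above, reproduced as an added example that is not part of the original write-up: a lookup that concatenates the User ID into the SQL text, next to a parameterized one, run against the same inputs. It assumes an in-memory SQLite database as a stand-in for the application's database and a constructed users table; the function, table and column names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown")])
    return db

def lookup_concatenated(db, user_id):
    # Input is pasted into the SQL text, so a quote or keyword in it
    # becomes part of the statement the database parses.
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '" + user_id + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Input is bound as a value; the statement text never changes.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def outcome(lookup, db, user_id):
    """Return ('rows', [...]) or ('error', message) for one input."""
    try:
        return ("rows", lookup(db, user_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# Constructed inputs of the kinds the write-up describes: a valid ID,
# a stray quote, and a UNION with two and then three columns.
INPUTS = ["1", "1'", "1' UNION SELECT 1, 2 -- ", "1' UNION SELECT 1, 2, 3 -- "]

if __name__ == "__main__":
    db = make_db()
    for value in INPUTS:
        print(repr(value))
        print("  concatenated :", outcome(lookup_concatenated, db, value))
        print("  parameterized:", outcome(lookup_parameterized, db, value))
```

With concatenation, the stray quote and the three-column UNION both surface as database errors and the two-column UNION adds a forged row; with a bound parameter, every input other than a real ID returns no rows and no error.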
Then I tried to find out the database details by modifying the query to fetch the database version.
When the query was updated with the database() function, it returned the database name: dvwa.
To get the table details, the following query was issued and I got all the table names. The interesting one here was the table secret.
Column details were fetched from the table 'secret' and I got the secret data 'Superkings'. Here I am, this one was another flag.