Lab: SQL Injection with vunerable WHERE clause

-

This lab explores the lack of sanitisation of inputs while retrieving data from a database. This can lead to disclosure of sensitive information to unauthorised individuals and pose serious risk to organisations.

I begin by visiting the site and find there are categories filters:

These filters likely query a database with a 'WHERE' clause so I click on the 'Clothing...' category and intercept the request to test:


This one I accidentally dropped instead of forwarding so I choose a category again and append it with `'+OR+1=1--` to get me all products belonging to the category regardless of any additional conditions:


Comments

Post a Comment

Popular posts from this blog

Malware Analysis Report: Sample SmokeScreen

-
Image
Basic Facts Components -         PASTA_MENTOR_PROMO_DEAL_agreement.docx.scr       (Initial Stage) [Program1.exe]      sha256 8d204db953fd7d637f8718f56fbecfbf93ebcc8e7402ce71d5c52b01689777a2       Program1.main.exe        (Second Stage) [Runs under InstallUtil.exe]      sha256 c7ce154d0ab5aec517829623f7b3b30a4e0ea6dc981fdf13134a8f263a062a9a   Malware Type: Injector/Info-Stealer  Windows PE | C# (stage 1) | Nim (stage 2)   --*--*--
Read more

[TryHackMe] BrainPan 1

-
Image
So I was selected in one of the teams Sheridan is sending for cybersci and that meant I gotta prepare myself for the challenge, and what better way to do it than try a hard lab (I should have started with something easier, but atleast the pain was a learning experience). This is my writeup for BrainPan 1, or as I like to call it Brain Pain.
Read more