
SQL Injection | Task 2

web 𖧹 ??pts


Problem Statement

Prerequisites

  • sqlmap (automated SQL injection tool; basic usage is enough)

Solution

Upon opening the website, we will be presented with two user account options.

After poking around a bit, sign up and sign in options were not really interesting to me. (welp, spoilers :3)

So I created an account and logged into the website. I can see various food items, each of them having an ‘add to cart’ button.

Clicking the ‘add to cart’ button, we get redirected to a new page. (And now if you look at the URL, you won’t be able to resist the temptation to check whether the params are vulnerable or not 😁 more on that later.)

So, I copied the request (headers included) into a file and spawned sqlmap to do the rest for me.

nano request.txt
sqlmap -r request.txt --batch

💡 The --batch flag automatically fills in the default answers for you, so sqlmap won’t ask you anything. Read more about the usage here.

After a while, sqlmap bro finally finished its work.

I tried to dump the database but it wasn’t successful (not sure why). So, I ran a scan over the ?q= parameter instead.

Voila! Within a few seconds sqlmap bro dumped the entire db 😎
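Why a search parameter like ?q= ends up dumpable, and what the fix looks like, as an added example that is not part of the original write-up or the challenge site: a constructed in-memory SQLite menu (the real schema is not on the page), a handler that concatenates q into the statement beside one that binds it as a parameter.

```python
import sqlite3

# Constructed sample catalogue standing in for the challenge's food items.
# The third row models data a customer should never see.
MENU = [
    ("Burger", 5.0, 1),
    ("Pizza", 8.0, 1),
    ("Staff special", 0.0, 0),
]


def open_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with the constructed menu."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, price REAL, visible INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", MENU)
    return conn


def search_vulnerable(conn: sqlite3.Connection, q: str) -> list[str]:
    """The pattern sqlmap exploits: user input spliced into SQL text.

    A quote in q closes the literal, so the rest of q becomes SQL syntax
    and the visibility filter can be bypassed or the schema enumerated.
    """
    sql = f"SELECT name FROM items WHERE visible = 1 AND name LIKE '%{q}%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn: sqlite3.Connection, q: str) -> list[str]:
    """Same query with parameter binding.

    The driver sends q as data; quotes and comment markers inside it are
    matched as characters, never parsed as SQL, so the filter holds.
    """
    sql = "SELECT name FROM items WHERE visible = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{q}%",))]


if __name__ == "__main__":
    db = open_db()
    # A constructed tautology probe of the kind automated scanners send.
    probe = "' OR 1=1 --"
    print("vulnerable:", search_vulnerable(db, probe))  # hidden row leaks
    print("hardened:  ", search_hardened(db, probe))    # nothing matches
```

The same binding applies to the ORM or driver of whatever stack the site runs; the `-r request.txt` sqlmap run above would find nothing to inject into the hardened version.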

After having everything, I looked into the db dump and submitted the required flags.

Conclusion

  • The instances were down by the time I reached home, so I have provided screenshots from my screen recording. It’s got a bit messy.

Credits

  • Hashnode - for the amazing platform

  • BUBT AI Community - for arranging the CTF contest

CYBER SAFE II | BUBT

Part 1 of 4

My write-ups for the CTF Contest arranged by the AI Community of BUBT. I like to hear others' instincts about their approach, so I tried to share mine! The contest was a mixture of web challenges only.
