CTF ringZer0ctf — Login form
CTF ringZer0ctf — sqli “Inference type”
All right! Here we are back again with an interesting little challenge, one that lays the groundwork for a methodology of scanning or checking for SQLi. Let's get started…
Challenge link https://ringzer0ctf.com/challenges/52
As usual, we find a login portal or login page like the other one.
Before we get started, let's list the types of SQL injection to understand what we will do here:
SQL injection types:
In-band type (error-based and union-based)
Out-of-band type (sending the query through DNS resolvers). I am still trying to understand it as of today, 1,11,2020 D:
Inference type (boolean-based and time-based)
We started our testing with the first type, in-band, but unfortunately no error message appeared after inserting payloads, and I tried union select but also got no result. So the choice now is to try boolean-based: insert true or false statements into the backend query and check the response.
Before we continue let’s recap something important… Logical Operations and specifically OR
False vs True → True
True vs False → True
Good, let’s continue…
The backend query is something like this
select user_data from table_name where username=' ' and password=' '
so if we insert username like this
username = ' admin ' or True or '
so the query will be like this
select user_data from table_name where username=' admin ' or True or ' ' and password=' '
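Note how the backend evaluates each part:
'admin' → False statement
' ' → False
AND binds tighter than OR, so the trailing ' ' and password=' ' is evaluated together, and its False left side makes it False. So the condition reduces like this:
False or True or False → leads to → True or False → leads to → True → Gaining the FLAG D: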
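The login query above, run against a constructed in-memory SQLite table next to a parameterized version of the same lookup. This is an added example, not code from the challenge or the original write-up; the helper names, the sample row and the use of SQLite are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real challenge schema and contents are unknown.
    # The stored user is deliberately not 'admin', so username='admin' is False,
    # matching the evaluation walked through in the text.
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table table_name (username text, password text, user_data text)"
    )
    db.execute(
        "insert into table_name values "
        "('ctf_user', 's3cret-constructed', 'FLAG-placeholder')"
    )
    return db


def login_concat(db, username, password):
    # Vulnerable form: input is spliced into the SQL text, so a quote in the
    # username ends the string literal and the rest is parsed as SQL.
    sql = (
        "select user_data from table_name "
        f"where username='{username}' and password='{password}'"
    )
    return db.execute(sql).fetchone()


def login_param(db, username, password):
    # Hardened form: placeholders bind the input as data; it is compared
    # literally against the column and never reaches the SQL parser.
    sql = "select user_data from table_name where username=? and password=?"
    return db.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # The username from the text, plus its False twin for the boolean comparison.
    for name in ("admin' or True or '", "admin' or False or '"):
        print(repr(name))
        print("  concatenated :", login_concat(db, name, ""))
        print("  parameterized:", login_param(db, name, ""))
```

The concatenated query answers differently for the True and False variants, which is the boolean signal the text relies on; the parameterized query returns nothing for either.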