Basic SQL Injection | PicoCTF 2017 [35] My First SQL

Hello everyone, my name is John Hammond. Welcome back to more PicoCTF. This challenge is called My First SQL, the first challenge in the web category of level 2 here, 50 points. It says, "I really need access to this website, but I forgot my password and there's no reset. Can you help?" So we can check out the website.

Open up a new tab here. Just like a regular form login.

Username and password, so credentials we would otherwise have to know. The hint here is, "Have you heard about SQL injection?" So this is the first PicoCTF introduction to SQL injection, which is one of my favorite things, I think one of the coolest things for hacking on the internet and stuff like that.

SQL injection is tricking a back-end web program into thinking that you are inputting data into a database that runs in the back. However, it's not real data that you're putting in. You're tricking it, in that it's going to take some of that data and consider it to be code.

So normally you'll see queries that are trying to insert or select data from a database. That's of the syntax and the style: SELECT something, some kind of column or table information, FROM a specific table WHERE whatever column or field is something else. So if you get your own input that's kind of just being concatenated or added into the original query, there is significant potential for, like, bad things to happen. That's a vulnerability, if you are just concatenating those SQL, like, constants and their SQL literals.

So this is kind of exactly what we can assume this website is doing. And if I wanted to just, like, log in with please sub and a password "password"... that's weird. Not OK. I don't know why that's not the regular login. That makes no sense to me, but whatever.

We can inject something into this, determine whether or not a user exists, by getting a condition to log in that we know is always going to be true, because this WHERE clause in that SQL statement is running a test. It is running a conditional, where name is equal to something that we supply, but we can inject, hence SQL injection, some other code or SQL into that, SQL being the language, of course, it's being run in the background.

I don't want to baby this up, but I know I should, in that some people are wanting to learn this for the first time. SQL injection: the magic thing, the kind of, like, bare-bones basic test you'll see in, like, SQL injection challenges and tests of this, is just determining: can we get one thing that obviously equals another thing to return or to go through?

Sometimes you don't know the kind of string or quotations that it's using to determine a string. It may be using double quotes or single quotes to denote their string, so you kind of have to fuzz-test which one you are trying to end, because you're, again, concatenating in your input inside of what it would expect to be a string. So you have to escape or end out of their string with a terminating quote, double quote or not, continue the SQL with adding a new condition, or an OR statement, for this WHERE, essentially an if clause or test clause, in another condition where something is equal to, obviously, itself, so that will clearly return true. 1