OWASP Top 10 - sanitize

CHALLENGE DESCRIPTION

Can you escape the query context and log in as admin at my super secure login page?

This challenge is based on SQL Injection

Analysis

Here is the login page we need to work with:

SQL Injection

SQL Injection is a potent attack vector that exploits insecurely built SQL queries. Attackers can manipulate input fields to execute unauthorized SQL commands, potentially exposing sensitive data or even gaining unauthorized access to databases.

Exploit

In the provided payload, I’ve used the username field to craft a SQL Injection. The payload is admin' ORDER BY 1--. Let’s break down how each part of it works:

  • admin': This input is supplied to the SQL query as the username. The single quote (') closes the string literal the application opened around the username, so everything after it is parsed as SQL rather than as data.

  • ORDER BY 1: In SQL, the ORDER BY clause sorts the query results. Here the database is asked to order the results by the first column, which is a harmless clause that keeps the statement syntactically valid.

  • --: In SQL, the double hyphen (--) starts a comment. Everything after -- to the end of the line is ignored by the database, including the remainder of the original query (typically the password check).
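To show concretely why the quote and the comment matter, here is an added example (not part of the original writeup or the challenge's code) with a constructed in-memory SQLite database standing in for the login backend. The vulnerable function builds the query by string concatenation, the way the challenge's page evidently does; the hardened function uses parameterized placeholders, which is the standard fix. The table name, columns and credentials are assumptions made for the demo.

```python
import sqlite3

# Constructed demo database standing in for the challenge's login backend
# (table, columns and credentials are assumptions for this example).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery-staple')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    # String concatenation: the user input becomes part of the SQL text itself,
    # so a quote in the input closes the literal and the rest is parsed as SQL.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # Returns the matched username, or None when no row matches.
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    # Placeholders: the driver sends the statement and the values separately,
    # so the input is always treated as data and never changes the query shape.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# The payload from the writeup above.
PAYLOAD = "admin' ORDER BY 1--"

if __name__ == "__main__":
    conn = make_db()
    # Shows the statement the database actually receives: the password
    # comparison has been commented out.
    print(build_vulnerable_query(PAYLOAD, "wrong-password"))
    print("vulnerable login   ->", login_vulnerable(conn, PAYLOAD, "wrong-password"))
    print("parameterized login->", login_parameterized(conn, PAYLOAD, "wrong-password"))
```

With the concatenated query the payload logs in as admin without a valid password; with placeholders the same input simply fails to match any user. One caveat when reading the comment part of such payloads: comment syntax is database-specific, and MySQL only treats -- as a comment when it is followed by whitespace, which is why some payloads end in "-- " or "#" instead.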