DefendTheWeb Playground Challenge SQLi

DefendTheWeb.net, previously called HackThis.co.uk, is a very famous and well-known interactive security platform where you can learn and challenge your skills.. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Challenge SQLi / SQLi

This challenge is rated as Bronze difficulty, so it might be easy to solve. The author presents us only with a username and password form with a Login button, and a small description

Gain access to any users account“.

Judging by the name it is obviously a SQL Injection challenge. OK, so let’s just try to force an error message by issuing a single quote in the username and the password. After doing that we have the following error message:

Syntax error: SELECT * FROM users WHERE username = ”’ AND password = ‘1qaz2wsx”

Now we know what the SQL Query string is, to find username and password, Notice that as we issued a simple quote to the username, the query is empty for that. After a few attemps the following payload got us the flag.

' OR 1 -- -

So to make the username empty we simply used a single quote, and then added OR “1 — -” so that the rest of the query is ignored by the SGBD.

This was a simple one! I hope you liked this one, see you on the next challenge!

Related posts