Posts: 8 Location: Canada Joined: 11.01.14 Rank: HBH Guru
Posted on 17-02-16 21:58
Hi, I'm working on different SQL injections. I'm aware it's a similar injection as the one on basic 16, but I've been having problems with it. Would I be able to message someone with what I've tried?
EDIT: I figured it out. The literal expression that the system is looking for as input is really strict: I tried multiple variations (could've sworn I tried the right answer too), but it took hours to complete because of strict comparison. I suggest if possible to make this challenge a little more flexible with the injections variations that it accepts.
Theres really nothing strict about the challenge only allowing one single injection, the one it accepts should be your second angle of attack in any real sqli scenario, if using numerical based injections fail, just to eliminate the possibility that it could be filtering the user supplied data for simple expressions like 1=1.
I've come across endless badly implemented sql/xss filters, and hastily applied 'fixes' on my travels, that admins have put in place to patch vulnerabilities on their sites, that only really limit or restrict the angle of your attack, as the actual vulnerability still exists, and can still be exploited by a change of tactics.
The sql injection part of the challenge is intended to be an example of just that kind of scenario.
The reason it only accepts a single correct answer should be obvious when you think about it, especially from a process of elimination standpoint.
Anyway, there was/is an issue with the encrypted text in the challenge link, using the one below should fix that till we push the fixes.