CTF ringZer0ctf — sqli “Inference type”

All right! here we back again with one of interesting challenges and little one also which will put the base of methedology of scanning or checking for sqli, let’s get started…

Challenge link https://ringzer0ctf.com/challenges/52

By normal we will find a login portal or login page like the other one

Before we get started let’s put the types of sql injection to understand what we will do here:

SQL injection types:

  1. In-Band type (Error based and Union based)
  2. Out-of band type (Sending query through dns resolvers) I still trying to understand it until today 1,11,2020 D:
  3. Inference (Boolean based and Time based)

We started our testing in first type Inband but unfortunately no error message appears after inserting payloads and i trying to use union select but also no result. So the choice now is to try to boolean based by inserting true or false statements to the backend and check the response

Before we continue let’s recap something important… Logical Operations and specifically OR

False vs True → True

True vs False → True

Good, let’s continue…

The backend query is something like this

select user_data from table_name where username=’ ’ and password=’ ’

so if we insert username like this

username = ‘ admin ‘ or True or ‘

so the query will be like this

select user_data from table_name where username=’ admin ’ or True or ‘ ’ and password=’ ’

note that the result of the backend response will be:

admin’ → False statement

‘ ‘ → False

so the query will be like that

False or True or False → will lead to → True or False → lead to → True → Gaining the FLAG D:

--

--

Penetration Tester, Bug Hunter, Author of 10 CVEs, Author of multiple security tools, and more :) You can find me on Twitter @eslam3kll

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Eslam Akl

Penetration Tester, Bug Hunter, Author of 10 CVEs, Author of multiple security tools, and more :) You can find me on Twitter @eslam3kll