Forum Discussion
Secure Testing: SQL Injection
- 2 months ago
I'm going to make this as easy as possible without actually giving you the answer. The reason being is because once people see the answer they will be able to better understand the problem in the future.
A variation of this will be used for the final 2 answers in the email field. This is the exact query that you have to edit in the lab.
SELECT * FROM users WHERE username='' or username='admin' --' and password='testing123'
All of the ' in this query are single quotes except 1. The 2nd ' after username in the initial query is a backtick the character that breaks the query. They try to help you understand this with the question prior with how they only needed the ` (backtick) to get the same error. I didn't know which one was the backtick originally. Once I knew it becomes more obvious that they are pointing you towards that character. The second piece of information that will wrap this up for you is the statement where it says sometimes it's useful to use the URL encoded equivalent. This information will get you the second to last question.
Adjust the second to last query with the specified username instead and you will have the final answer.
Hope that helps!
Hi SureshKumar, thanks for starting a discussion about this. I'll share this with the lab author to check and update you.
In the meantime, I can see that tc234e has recently completed the lab, along with others. I wonder if they can offer any hints or speak of their experience with the lab?
It appears this maybe a sporadic issue. I have completed the lab using the information in the Briefing, until I get to question 7.
Nothing I provide will allow me to access the site as the user.
- PersephoneHexworth7 months agoAlumni
Hey Robert_JOHN! Hope you're having a great week! Similar to what NyePrior stated earlier, what payload(s) are you trying in the username and/or password fields of the application? This will help with troubleshooting!
- KieranRowley7 months ago
Community Manager
Thanks for the extra information, I will log a ticket with support on your behalf