02 - SQL injection vulnerability allowing login bypass
Given : Injection point (Login function)
End goal : Log in to the application as the administrator user
As the challenge suggests, there is a SQL injection in the login function. Let's assume the likely SQL query:
SELECT * FROM users WHERE username = 'user_input' AND password = 'user_input'
Let's start the lab by clicking the "ACCESS THE LAB" button. In the upper right corner there is an option to log in.
After clicking on "My account" we get a login page. We have to log in as the administrator user. Remember the query:
SELECT * FROM users WHERE username = 'user_input' AND password = 'user_input'
We can put administrator' -- in the username field and anything in the password field. The query in the backend would then be:
SELECT * FROM users WHERE username = 'administrator' --' AND password = '123'
The closing quote ends the username string early, and the comment marker (--) after administrator comments out the rest of the query, so the password doesn't matter. Lab solved.