Advanced SQL Injection Skills Assessment

I know this is a fairly new module but hopefully someone is able to help :slight_smile: I’m currently stuck on the first assessment question Identify and exploit the unauthenticated SQL injection.

I’ve downloaded and decompiled Pass2-1.0.3-SNAPSHOT.jar and i believe that the injection point is in an API endpoint used during the auth process. Going through the code i can see that there is a replace function that removes spaces and a number of other keywords/ special characters. I’ve managed to put together a payload which i thought would bypass this and should allow unauth login but its currently not working. I’ve done some tests in a java sandbox and its showing the bypass working //**//Or//**//1=1----//**//

Has anyone attempted this yet? would really appreciated some pointers!

1 Like

Hello,

did you succed ?
I’m stuck. I can enumerate required info on the 2 existing users but when I do apply the java function to obtain the missing piece of data in order to be able to login it tells me tthat the value is not valid.

Hey, yes i succeeded in logging in using the java function you mentioned.

I wasn’t able to complete the final question however as it looks as though the current db user has no privileges to be able to read/write or execute commands to use any of the techniques discussed in the course material. A full dump of the database also didn’t yield anything useful. The injection point for this part is an easy spot.

Hello i am stucked in the RCE part, could anyone give a little hint please? :pensive:

yep me also :frowning: I would be interested to know if anyone has got this?

Anyone managed to complete any of the skills assessment on this yet?

This is probably because you’re using the hashed password rather than the plain text one to calculate the missing piece of data…I’m stuck on the same thing…

Just for the record I finally managed to do this with a lot of help from others…the user that the app connects to the DB with has the necessary DB privileges to do what’s required and get RCE. Where i was going wrong was that my Python scripting for interacting with web apps isn’t as good as it should be, and I missed a key sentence in the learning materials.

1 Like

Hey, congrats on solving the final RCE stage. After many days battling this I would be really interested to see where I went wrong. Could i have some pointers please?

Yeah sure. Do you want to DM me? Don’t want to give any spoilers on here if I can help it.

Sure no worries, I’ve dropped you a message

2 Likes

Men i’m stuck in the login in the assessment, how can i do to bypass the spaces ?

please help me

bro please can you help me i want to contact you with dm

How to run CREATE FUNCTION on vulnerable parameter?

Hello everyone,
I’ve been stuck on this module for quite some time. In the second part of Skill Assessment. (RCE).
I’ve done a lot of debugging but I still have a problem.
A little help wouldn’t go amiss.

Ive been stuck on this skills assessment for a few weeks. Can anyone help me with the log in portion?

Hey, need help. Stuck on second part of final assessment. Found where to exploit SQLI, but problem on stage with CREATE FUNCTION to run reverse shell. Like there is an error, but which - no idea. Could anyone help with this? could someone provide an advice how to process with this?

UPDATED: by great help of sirius3000 I found the problem and solution.
P.S. CHECK EVERY QUERY VERY CAREFUL.

1 Like