SQLi Fundamentals Module Final Assessment

Working on the last question of this module.

“Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer.”

I am able to get logged in as admin, but I am not sure how to get RCE. I have tried writing a PHP shell to every location under the sun and I am not able to run the shell. There was another forum post that provided the tip to look at the URL, but I am not able to do anything with that URL. Looking for some additional help on this one!

Hey, any hint please regarding the login bypass? Tried every possible scenario, no luck… pretty annoying.

I’m stuck at the login. I’ve tried all standard passwords (admin, password…), tried to inject an auth bypass with comments and an OR operator, have tried quotes. No change in the output of the page: “Incorrect credentials”.

A directory search showed me a database backup file with credentials. The credentials don’t work.

Any Ideas what I could try? Thank you!

Remember the possibility of commenting out parts of SQL strings.
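For readers who want to see why that hint matters from the defending side, here is an added example (not from the module or any poster) using Python's built-in sqlite3 with a constructed in-memory users table: the string-concatenated login query lets a comment marker in the username cut off the password check, while the parameterized version treats the same input as a plain string. The `looks_like_sql_comment` heuristic is a hypothetical login-log check, not part of any real product.

```python
import sqlite3


def make_db():
    # Constructed sample data; the password is a placeholder, not a real credential.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    # Vulnerable pattern: user input is spliced into the SQL text. A comment
    # sequence inside the username truncates the statement, so the password
    # predicate after it is never evaluated by the database.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_param(conn, username, password):
    # Hardened pattern: placeholders bind the input as a data value. Quotes and
    # comment markers in it are compared literally and can't change the query.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def looks_like_sql_comment(value):
    # Hypothetical detection heuristic for a login-log alert: comment markers
    # have no business in a username field, so their presence is worth flagging.
    return any(marker in value for marker in ("--", "#", "/*"))


def demo():
    # Returns (concat result, param result, flagged) for a constructed input
    # whose username carries a trailing SQL comment and a wrong password.
    conn = make_db()
    username, password = "admin'-- ", "wrong-password"
    return (login_concat(conn, username, password),
            login_param(conn, username, password),
            looks_like_sql_comment(username))


if __name__ == "__main__":
    print(demo())
```

Running it shows the concatenated query accepting the login without the right password, the parameterized one rejecting it, and the heuristic flagging the attempt.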

This helped a lot. Thanks 🙂