Subverting Query Logic - Basic Auth Bypass

xAptive · January 15, 2023, 1:56am

I’m trying to complete the task in the HTB Academy SQL Injection module for Suberting Query Logic, where you need to bypass a login form with simple SQL injection. I was able to pass it using the comment method (which wasn’t taught yet), but I can’t get passed it using the method it wanted me to. This is the query I’m constructing:

SELECT * FROM logins WHERE username='tom' AND password = '' or '1'='1';

It almost works, but the result I get is " Login successful as user: admin ". I’m trying to login as tom, though, which is what I need to get the flag. Any idea where I’m going wrong?

neuroplastic · August 10, 2023, 6:48pm

i’m having the same problem. I can only login as tom using comments but really want to figure out how this was intended to be solved. Did you ever find the solution?

QuantumQueen · April 1, 2024, 8:25am

I used tom’ #
the executing query should look like this:

SELECT * FROM logins WHERE username='tom' #' AND password = 'something' or '1'='1';

Topic		Replies	Views
Bug or lack of understanding: SQL fundamentals assessment Academy sql-injection	1	632	October 7, 2022
Missing flag for the exercise in SQL Injection Fundamentals module's "Subverting Query Logic" section Academy	3	979	November 5, 2024
HTB ACADEMY - Skills Assessment : SQL Injection Fundamentals Challenges sqli , sql-injection , academy , skills-assessment , injection	2	2038	April 23, 2021
Help me with this SQLi Off-topic ctf , web , challenges	2	4681	November 27, 2018
SQL injection authentication bypass Off-topic	0	221	December 3, 2021

Subverting Query Logic - Basic Auth Bypass

Related topics