Web Service & API Attacks -- SQLi

JeTondsLeGazon · April 11, 2023, 1:27pm

I have to use SQL injection on the id parameter to find the username for the user 736373 but I can’t find the solution for this, I have tried all the standard SQL injections but I have either an error or no answer for the server.

Do you have a hint for this? I have been stuck for some time …

Thanks!

h0pfr0g · April 18, 2023, 11:28am

The payload is a very basic one, what threw me off a bit is that it doesn’t use quotation marks.
Hope that helps!

JeTondsLeGazon · April 18, 2023, 1:03pm

Thank you very much for your answer!

I was mainly doing in wrong because I was wrapping my parameter into quotes (?id=“”) instead of using ‘+’ for spaces.

matt8388 · July 12, 2023, 2:02pm

Hi Guys, I’m still trying to find out how to get the username of the user in position 736373 via sqli, I tried all the payload in the below list, can you give me some hints?

benlbs · August 11, 2023, 2:35pm

I’m trying to figure this one out too. Did you get it? Can you give me a hint please?

JeTondsLeGazon · August 14, 2023, 12:50pm

Think about:

easy SQL injection (among the basic ones you first learn)
URL encoding

Combine both and you should definitely find what you are looking for.
You can use burp to ease the process.

I posted some other hints previously but I think they were removed, probably too much lol

cherrybomb · October 14, 2023, 5:53am

Does anyone have a tip? I tried editing the py and curl file, but to no avail.

cherrybomb · October 14, 2023, 5:54am

You did it?

benlbs · October 14, 2023, 10:41am

Unfortunately, no. I ended up temporarily stopping at this point to start studying for the Security+ exam. I plan on coming back to this at some point just haven’t yet. Hope you get it.

cherrybomb · October 16, 2023, 12:59am

Hey, I finded the flag!
I see the module SQL INJECTION FUNDAMENTALS again and i use the logic to find the id and always return true, see the module Subverting Query Logic

benlbs · October 16, 2023, 5:18am

Awesome! Glad you found the flag. Thanks for sharing.

ya3goobs · October 21, 2023, 5:55pm

To make it easier, the original query is roughly select * from TABLE where id = 'input' use SQL logic to find the position of 736373. What would you add to the above query to find the position of 736373?

Frog0808 · December 6, 2023, 12:30am

thnks a lot!!, i find the flag

C4RT3L · February 19, 2024, 11:12pm

use sqlmap and don’t forget to put the --dump parameter

IBlazeI · April 11, 2024, 7:51am

Not to be over complicate
The section say with a twist of SQLi, indicating we need to use some tools, example sqlmap.
Done…!!!
sqlmap -u 'http://traget_IP:PORT/?id=1' --dump

The question assumes one have some little knowledge for exploiting sql databases

ineedabetterh4ndl3 · July 24, 2024, 8:27pm

here is the an answer though i suggest to keep trying as this was fun: “” or position = 736373