Ainsley Woo - Hack the Threat | Cybersecurity Portfolio

Connection Information

Objective

Bypass the login form using SQL injection to retrieve the admin flag.

Scenario

You discover a login portal for a company's internal admin panel. The form looks vulnerable to SQL injection. Your mission is to exploit this vulnerability to gain unauthorized access and capture the flag.

Hints

Hint 1

Try testing the input fields with special characters like single quotes

Hint 2

Think about how SQL queries are constructed for authentication

Hint 3

The classic ` OR 1=1-- ` might be your friend here

Spoiler Warning: The solution below contains the complete walkthrough. Try to solve the challenge yourself first!

Solution

This challenge demonstrates a classic SQL injection vulnerability in a login form where user input is not properly sanitized.

Step 1: Identify the Vulnerability

Test the login form by entering a single quote (') in the username field. If you receive a SQL error, the application is vulnerable.

Step 2: Craft the Payload

Use a SQL injection payload to bypass authentication. The application constructs a query like: SELECT * FROM users WHERE username='[input]' AND password='[input]'

step-2.sh

Username: admin' OR '1'='1'--
Password: anything

Step 3: Retrieve the Flag

Once logged in, navigate to the admin dashboard where the flag is displayed.

Flag

CTF{sql_1nj3ct10n_1s_d4ng3r0us}

Key Learnings

Always use parameterized queries or prepared statements

Never trust user input - validate and sanitize all data

SQL injection can lead to complete database compromise

Input validation on both client and server side is essential

Back to All Challenges

SQL Injection Playground

Connection Information

Objective

Scenario

Hints

Solution

Step 1: Identify the Vulnerability

Step 2: Craft the Payload

Step 3: Retrieve the Flag

Flag

Key Learnings

Solution

Step 1: Identify the Vulnerability

Step 2: Craft the Payload

Step 3: Retrieve the Flag

Flag

Key Learnings