Help me with this SQLi

Hey
I'm trying to solve a CTF challenge where I have to sign in as an admin.
The login form is vulnerable to SQL injection because when I type a single quote ( ' ) it shows this error:
--------------------------
Traceback (most recent call last):
File "./main.py", line 145, in do_login
if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:
File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 250, in execute
self.errorhandler(self, exc, value)
File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''''' at line 1")
---------------------------

The problem is that when I try to inject it or type any payload, it handles it as regular input and shows the message "unknown user".

When I type: ' OR 1='1
It shows the message "invalid password",
which means that the username is correct, and I don't know how.
Sorry, but I'm a beginner.
I will appreciate your answers.

0xRick
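Added example, not part of the original thread and not the challenge's code: the query construction from the traceback next to a parameterized `do_login`, showing why the input quoted in the post changes the query's structure and how binding it as a parameter keeps it as data. Assumptions: `sqlite3` stands in for MariaDB/MySQLdb so the block runs offline, and the table layout, helper names, salted-hash storage and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Parameterized lookup: the SQL text is constant, input travels separately.
QUERY = "SELECT salt, pw_hash FROM admins WHERE username = ?"

def vulnerable_sql(username):
    # Same construction as main.py line 145 in the traceback: input becomes SQL text.
    return "SELECT password FROM admins WHERE username='%s'" % username.replace('%', '%%')

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: one admin row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("correct horse", salt)))
    return db

def do_login(db, username, password):
    row = db.execute(QUERY, (username,)).fetchone()
    # Hash even for an unknown user, and answer both failures with one message,
    # so the response does not reveal whether the lookup returned a row.
    salt, stored = row if row else (b"\0" * 16, b"")
    ok = hmac.compare_digest(hash_pw(password, salt), stored) and row is not None
    return "welcome" if ok else "invalid username or password"

if __name__ == "__main__":
    typed = "' OR 1='1"  # the input quoted in the post
    # The quote closes the string literal and the rest is parsed as SQL. MariaDB
    # evaluates 1='1' as true, so the lookup returns rows and the application
    # moves on to its password check.
    print(vulnerable_sql(typed))
    db = make_db()
    print(do_login(db, typed, "x"))                 # generic failure
    print(do_login(db, "admin", "correct horse"))   # welcome
```
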

Comments

  • Take a look here: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/. If the way is to bypass the auth, then that's what you need.

    If it needs manipulating the injection point to dump the data, or cookie manipulation, oh well, that's another story.

    Frey
