Skills Assessment - SQL Injection Fundamentals = Solved

edited February 10 in Exploits

So I am currently on the the last part of the SQL Injection Fundamentals module and I have been trying multiple ways to solve it.

As I understand it, my goal is to write a web shell into the base web directory so I can get RCE to find the flag in the root directory. However, I get permission denied whenever I try to write my php shell to the default web directory location: var/www/html. This makes me think that there must be other web directory locations which I should try. Also, I am able to write my php shell to other locations such as /var/lib/mysql or /tmp, but I don't know how to make the server read the shell using that approach.

Some hints would be very much appreciated!

Update: I just got help solving it by user Nucrea. The solution to the problem exists in the url after first SQL Injection into the page.

Cheers!

Comments

  • Hi there! i'm really stuck with the Assesment, i've already pass the login, but i can't execute the shell at /tmp, would you help me?

    Thanks!

  • Type your comment> @asteri0n said:

    Hi there! i'm really stuck with the Assesment, i've already pass the login, but i can't execute the shell at /tmp, would you help me?

    Thanks!

    Hey, man! As I said.. the solution to the problem can be seen in the URL after you log in as admin - and you will find what you seek.

  • Hi Guys, can anyone please guide me, how to get past the logon page?

  • Type your comment> @rptester said:

    Hi Guys, can anyone please guide me, how to get past the logon page?

    Hey , dont overthink much on this one.

    Remember which are the ways to inject through the username and try em out !

  • Would it please to be possible to get a nudge. I have come to halt

  • edited April 13

    Type your comment> @mrjohnny786 said:

    Type your comment> @rptester said:

    Hi Guys, can anyone please guide me, how to get past the logon page?

    Hey , dont overthink much on this one.

    Remember which are the ways to inject through the username and try em out !

    I tried every single payload possibility but it doesn't work. The page just reloads and shows "Incorrect credentials" under the login form.
    Can someone help me, pls?

  • @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

  • Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

  • edited April 19

    @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    OKay! i'm in... but now again stuck...

  • edited April 19

    Type your comment> @blueprismo said:

    @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    I've also filled all the payloads in the repo in the username....

    Did you also use comments in the username?

  • @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    @blueprismo said:

    @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    DONE!! YAY

  • Type your comment> @blueprismo said:

    @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    @blueprismo said:

    @basti394 said:
    Type your comment> @blueprismo said:

    @basti394 I'm also like you, also crawled and found 2 dirs, tried the payload all the things scripts, no luck....

    I got it. My hint: You just have to fill a payload into the username

    DONE!! YAY

    My problem is that I can't reach the webshell via url

Sign In to comment.