SQL Injection

Saad Ahmed
Jun 17, 2019 · 2 min read

Hi guys, this write-up is all about an SQL Injection that I found in a PRIVATE program running on BugCrowd.

Let's assume the website name is subdomain.private.com/registro/login. When I visited the site I saw strange behavior: this is the admin panel, and the website reloads itself again and again. So I turned on intercept, captured the request and tried basic bypasses, e.g. admin:admin and 1'or'1'='1, but they didn't work. There are two params, _email and _pass.

I put ' in the _email param and nothing happened, but I accidentally put it in both _email and _pass and got: Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near…


SQLi confirmed :D I tried to exploit further but failed; there is a WAF that blocked me from doing further injection. Then I remembered our awesome OLD Facebook group WEB INJECTORS https://www.facebook.com/groups/webinj3ct0rs/ where we tried our best to solve challenges ;) I still remember those golden days. The group had its own website, http://www.securityidiots.com, and I was reading the SQL injection at login panel post http://www.securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html and found a bypass, ' OR 1=1 /*. It didn't bypass the login and give me access; instead the server disclosed the password variable containing the password :V
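As an added example (not code from the original post or the affected site), here is the query shape that produces the PDO syntax error above next to a parameterized version of the same login check. Python's sqlite3 stands in for the PHP/MySQL backend (an assumption), and the users table and credentials are constructed.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the login table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin@example.com', 'S3cret!')")
    return conn


def login_vulnerable(conn, email, password):
    """Builds the statement by string concatenation: input becomes SQL.

    Returns ("ok", email) on a match, ("denied", None) on no match, and
    ("error", message) when the database rejects the statement. Surfacing
    that message to the browser is the SQLSTATE[42000] symptom in the post.
    """
    sql = (f"SELECT email FROM users WHERE email = '{email}' "
           f"AND pass = '{password}'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_fixed(conn, email, password):
    """Binds both inputs as parameters, so quotes and comment markers
    are compared as literal text and never change the query structure."""
    sql = "SELECT email FROM users WHERE email = ? AND pass = ?"
    row = conn.execute(sql, (email, password)).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 /*"   # the bypass string from the write-up
    print(login_vulnerable(db, payload, "anything"))   # matches the admin row
    print(login_fixed(db, payload, "anything"))        # denied
    print(login_vulnerable(db, "'", "x"))              # raw DB error leaks
```

A login handler should also catch database exceptions and return a generic failure rather than echoing the driver message, which is how the password variable ended up in the response.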


I simply reported the issue to the team, and this was the reply.


I hope you guys like it :)

./Logout
