BOOK THIS SPACE FOR AD
ARTICLE ADThis lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables. The database contains a user table, which contains the usernames and passwords of registered users. To solve the lab, perform a SQL injection attack to retrieve the admin user’s credentials, then log in to their account | Karthikeyan Nagaraj
This lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data from other tables.
The database contains a users table, which contains the usernames and passwords of registered users. To solve the lab, perform a SQL injection attack to retrieve the admin user's credentials, then log in to their account.
Solution
Capture the request of Check Stock Functionality and send it to the repeaterThe data are sent in JSON Format. The storeidparameter is vulnerable to SQL injection.Now, Inject the below payload in storeid and send the request1 UNION SELECT username || ‘~’ || password FROM usersYou will receive a warning “Attack detected”, so to bypass this, we have to encode the payload. So we gonna install a tool called Hackvertor.In Burp, Navigate to Extensions → BApp Store → Select Hackvertor → Click installAfter installation → Select the Payload → Right Click → Click Extension → Hackvertor → Encode → dec_entities or hex_entitiesThis will add the payload between the tags, that will encode the payload which bypass the firewallSend the Request, you’ll receive usernames and passwords. Use the administrator credentials to log in to admin Account to solve the lab.