
I have a database in which most or maybe even all columns are empty. Yet I have to gain access to the database via a user called Tom.

I found out that the table is called users and the query the server sends when logging in is:

SELECT user_name, password FROM users WHERE user_name =' ' and password =' '

Since I do not know if the user_name Tom and/or his password even exist, I was thinking about updating or inserting it myself. Is this even possible? Insert the user_name and its password and then verify those within the same input box?

  • Where do those bizarre requirements come from? Why would you have to log-in with a user that may not even exist, and why would you “attack” your own user account which you’ve just created? You already know the credentials of your user, so the “attack” doesn’t show anything. Commented Jul 3, 2024 at 22:22
  • OP, like what @Ja1024 said, these circumstances don’t exactly make sense. Do you maybe want to make a new account called Tom to test whether you can obtain the account password with your injection, assuming you only know the username Tom and not the password? Commented Jul 3, 2024 at 23:07
  • You provide only a static SQL statement but SQL injection needs a statement which gets dynamically constructed based on user input. So where exactly is the point for injection? Commented Jul 4, 2024 at 5:44
  • This CTF is trivial, you don't dump the credentials in the database (which in slightly more advanced CTFs are already properly hashed), you insert your own row in the query result. Hint: see what UNION [ALL] is for. Commented Jul 4, 2024 at 8:28
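
Added example, not part of the original question or comments: the login query from the question built two ways, by string concatenation and with bound parameters, plus a regression check that tells them apart. It assumes Python's sqlite3 with an in-memory table standing in for the unknown server; all function names and probe values are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the server's database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, password TEXT)")
    return conn  # table left empty, as described in the question

def login_concat(conn, user, pw):
    # Dynamically constructed statement: input becomes part of the SQL text.
    sql = ("SELECT user_name, password FROM users "
           "WHERE user_name ='" + user + "' and password ='" + pw + "'")
    return conn.execute(sql).fetchone() is not None

def login_param(conn, user, pw):
    # Static statement: input is bound as values and never parsed as SQL.
    sql = ("SELECT user_name, password FROM users "
           "WHERE user_name = ? and password = ?")
    return conn.execute(sql, (user, pw)).fetchone() is not None

# Constructed probe values; the apostrophe is the only special character.
PROBES = ["Tom", "O'Brien", "a'b'c"]

def treats_input_as_data(login, conn):
    """Return True if every probe is handled as a plain value.

    Against an empty table a correct login must simply return False.
    A SQL error means the input changed the statement's syntax, which
    is the injection point a code review or test suite should flag.
    """
    for probe in PROBES:
        try:
            if login(conn, probe, probe):
                return False   # nobody can match in an empty table
        except sqlite3.Error:
            return False       # input was parsed as SQL
    return True

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", treats_input_as_data(login_concat, db))
    print("parameterized:", treats_input_as_data(login_param, db))
```

The same check can run in a test suite against any login routine that takes a connection, a user name and a password.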
