
I am working on a CTF.

I need to do a SQL injection into a dummy website. In this website, when signing up, there is no input cleanup of any sort for the username field, and, as a friend confirmed, it is the correct vulnerability to exploit.

The first statement I tried:

' OR 1=1 SELECT * FROM information_schema.tables -- 

And I got the following error:

`Fatal error: Uncaught PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'name' at row 1 in /var/www/html/register.php:41 Stack trace: #0 /var/www/html/register.php(41): PDOStatement->execute() #1 {main} thrown in /var/www/html/register.php on line 41` which means that the website uses PHP and that the name column is likely of a varchar type.

I tried many other commands to retrieve additional information to find the name of the table which contains name. I also tried to find the number of columns with `' ORDER BY §1§ --`, which, using Burp Suite Intruder, substitutes the 1 with integers from 1 to 100. However, all of the 100 payloads returned without an error.

Changing approach, I am now trying to implement an attack using

' UNION SELECT §§ NULL, table_name FROM information_schema.tables --

and adding a `NULL,` between the §§ for each iteration; however, I can't figure out how to accomplish this with Burp Suite. Now that I am writing this, I think that instead of writing this question I would have saved a lot of time by doing it manually XD.

The simplest solution that came to mind would be to add a bunch of `NULL,` as shown in the figure, but that would be as fast as doing it manually.

Other than fixing this problem, if someone had any suggestions regarding a better statement to solve the problem they would be greatly appreciated.

screenshot from burpSuite
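
The registration path described in the question (PDO in register.php, no validation of the username, the raw PDOException shown to the client), in hardened form. This is an added example, not part of the original post and not the CTF site's code; the table layout, the 32-character limit, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

const NAME_MAX = 32; // assumed width of the `name` column

function make_db(): PDO
{
    // SQLite in memory stands in for the site's MySQL database (assumption).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name VARCHAR(32) UNIQUE, pw_hash TEXT)');
    return $pdo;
}

function register_user(PDO $pdo, string $name, string $password): array
{
    // Validate length (in bytes) before touching the database, so over-long
    // input never reaches the driver and cannot surface as SQLSTATE[22001].
    if ($name === '' || strlen($name) > NAME_MAX) {
        return ['ok' => false, 'error' => 'Invalid username.'];
    }
    try {
        // Placeholders keep the input in the data channel: quotes, UNION and
        // comment markers are stored as literal characters, never parsed as SQL.
        $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :pw)');
        $stmt->execute([
            ':name' => $name,
            ':pw'   => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return ['ok' => true, 'error' => null];
    } catch (PDOException $e) {
        // Details go to the server log; the client sees no path, line or column name.
        error_log('register failed: ' . $e->getMessage());
        return ['ok' => false, 'error' => 'Registration failed.'];
    }
}

$pdo = make_db();
// Constructed inputs: a quoted string, an over-long name, and a duplicate name.
foreach (["' OR 1=1 -- ", str_repeat('A', 200), 'alice', 'alice'] as $in) {
    $r = register_user($pdo, $in, 'example-password');
    printf("%-20s => %s\n", substr($in, 0, 20), $r['ok'] ? 'stored as data' : $r['error']);
}
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), " rows\n";
```

Setting `display_errors` to off in the PHP configuration additionally keeps any uncaught exception, including its stack trace and file paths, out of the HTTP response.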
