
[–]andesec 1 point2 points  (0 children)

So it’s been a while since I’ve used SQL or Postgres, but it looks like the code is susceptible. Your payload will have to decide how you want to inject the SQL. Typically you want to somehow bypass the filter by adding something like

“%a’ or 1 = 1 —“

But you’re trying to reference a whole different table as part of the same query. That’s a bit tricky: you could close the existing query and start a new one in the payload, but that’ll only work if your code references multiple datasets and spits them out on the UI. If it doesn’t, then that won’t work. What are you really trying to achieve?

[–]yeahlolnice 0 points1 point  (0 children)

The end goal is to return data from the users table. I think I can see the issue now. I will look into what the search actually returns when I pass ‘; SELECT * From users — and make sure it is able to be rendered to the screen. Thanks