lbrodziak/sql_injection_tutorial_htb

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

Website SQL injection

Description

This project was done as one of the CTF challenges in the Hack the Boo Halloween event on Hack The Box. The goal was to find the SQL injection vulnerability in the website, use it to obtain the list of tables in the website's database, and retrieve data from the table containing the flag. For some basic notes on SQL injection, you can visit my blog post here

Languages and Utilities Used

  • SQL

Project walk-through:

After visiting the website, I first checked an empty search to see how the SQL query is formed:

[Image: PHP code injection]



The next step was to check whether SQL injection is possible by adding the origin column to the filter:

[Image: PHP code injection]



After confirming that SQL injection is possible, I tried adding a UNION SELECT from information_schema to get a list of tables that have a column with the word "flag" in its name:

[Image: encoded powershell script]



The query revealed that there is in fact a table called "flag" that contains the column "Flag":

[Image: encoded powershell script]



The next step was simply to add a UNION SELECT from the table "Flag" to get the desired value:

[Image: encoded powershell script]
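The root cause behind the walk-through above, and its fix, as an added example that is not code from this repository or from the challenge: a search query built by string concatenation beside the same query with a bound parameter. It assumes SQLite instead of the challenge's database; the `inventory` table, its rows, the function names and the placeholder flag value are constructed for illustration.

```python
import sqlite3

# Constructed input in the style of the UNION SELECT step described above.
INJECTED_TERM = "x' UNION SELECT Flag, NULL FROM flag -- "


def make_db():
    # Constructed sample data. Only the "flag" table and its "Flag" column
    # come from the walk-through; everything else is an assumption.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory (name TEXT, origin TEXT);
        INSERT INTO inventory VALUES ('pumpkin', 'farm'), ('candle', 'crypt');
        CREATE TABLE flag (Flag TEXT);
        INSERT INTO flag VALUES ('PLACEHOLDER_FLAG');
    """)
    return db


def search_vulnerable(db, term):
    # The term is pasted into the SQL text, so a quote in it ends the
    # string literal and the rest is parsed as SQL.
    sql = "SELECT name, origin FROM inventory WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # The term is bound as a parameter, so it is only ever compared as data.
    sql = "SELECT name, origin FROM inventory WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


def leaks_flag(rows):
    # True if any returned row carries the value stored in the flag table.
    return any("PLACEHOLDER_FLAG" in row for row in rows)


if __name__ == "__main__":
    db = make_db()
    for search in (search_vulnerable, search_parameterized):
        rows = search(db, INJECTED_TERM)
        print(f"{search.__name__}: rows={rows} leaks_flag={leaks_flag(rows)}")
```

With the bound parameter the injected text matches no product name and the query returns no rows, while a normal search term behaves the same in both functions.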
