Target:
- Lab URL:
- Tools Used:
  - browser
  - Burp Suite
Vulnerability Summary:
Type: SQL Injection
Description:
This lab contains a SQL injection vulnerability in the login function.
To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user.
Steps to Exploit:
1. First, open the login interface and enter arbitrary values for the username and password.
2. Submit them and use Burp to intercept the request. The login request is easy to spot as a POST. Modify the username to administrator'--.
3. Finally, forward the request to complete the lab.
Remediation:
- Use parameterized queries (prepared statements) instead of dynamic SQL.
- Apply strict input validation on user-supplied data.
- Use least-privileged database accounts to reduce impact.
Lessons Learned:
1. Try logging in with the administrator account; there may be a surprise.