Target:
- Lab URL:
- Tools Used: browser, Burp Suite
Vulnerability Summary:
Type: SQL Injection
Description:
This lab demonstrates a SQL injection vulnerability inside XML input.
The application performs a database query using user-supplied XML data without proper sanitization.
However, a weak WAF (Web Application Firewall) attempts to block common SQL injection payloads. The goal is to bypass the filter using XML encoding, extract the administrator credentials, and log in as the administrator.
Steps to Exploit:
1. Read the lab scenario and identify the two possible injection points in the XML request.
2. Probe the XML structure by submitting special characters to see whether a weak WAF or input filter is present.
3. After confirming that character filtering is in place, bypass the filter and determine the number of columns in the SQL query using a UNION-based payload.
4. Once the column count is known, use the SQL concatenation operator || to combine the username and password fields and extract the credentials from the users table.
Remediation:
- Use parameterized queries / prepared statements
- Use server-side input validation
- Escape and sanitize user input
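Added example, not part of the original lab writeup: a Python/sqlite3 sketch of the two server-side paths the steps and remediation above describe, a keyword filter checked against the raw request body and a stock-check query built from the parsed XML, with the string-concatenating version next to the parameterized remediation. The element names, table layout and request bodies are constructed for this example and are assumptions.

```python
import sqlite3
import xml.etree.ElementTree as ET
# Constructed stock-check request bodies (not taken from the lab). The second
# one hides the keywords behind XML numeric character references.
PLAIN_BODY = (
    '<?xml version="1.0"?><stockCheck>'
    '<productId>1</productId><storeId>1</storeId></stockCheck>'
)
ENCODED_BODY = (
    '<?xml version="1.0"?><stockCheck>'
    '<productId>1</productId><storeId>1 &#x55;NION &#x53;ELECT</storeId></stockCheck>'
)
BLOCKED_KEYWORDS = ("union", "select")

def naive_waf_blocks(raw_body: str) -> bool:
    """Keyword filter run on the raw request body, i.e. before XML decoding."""
    lowered = raw_body.lower()
    return any(kw in lowered for kw in BLOCKED_KEYWORDS)

def parse_stock_check(raw_body: str) -> tuple[str, str]:
    """Return (productId, storeId) as the XML parser delivers them: character
    references are already resolved at this point."""
    root = ET.fromstring(raw_body)
    return root.findtext("productId", ""), root.findtext("storeId", "")

def _open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE stock (product_id INTEGER, store_id INTEGER, quantity INTEGER)")
    con.executemany("INSERT INTO stock VALUES (?, ?, ?)", [(1, 1, 8), (1, 2, 3), (2, 1, 0)])
    return con

def stock_unsafe(raw_body: str) -> list:
    """Vulnerable: decoded values are pasted into the SQL text."""
    product_id, store_id = parse_stock_check(raw_body)
    query = f"SELECT quantity FROM stock WHERE product_id = {product_id} AND store_id = {store_id}"
    return [row[0] for row in _open_db().execute(query)]

def stock_safe(raw_body: str) -> list:
    """Remediated: bound parameters keep the values out of the SQL grammar."""
    product_id, store_id = parse_stock_check(raw_body)
    query = "SELECT quantity FROM stock WHERE product_id = ? AND store_id = ?"
    return [row[0] for row in _open_db().execute(query, (product_id, store_id))]

def unsafe_query_breaks(raw_body: str) -> bool:
    """True when the input changed the structure of the concatenated query."""
    try:
        stock_unsafe(raw_body)
    except sqlite3.Error:
        return True
    return False
```

The encoded body passes the keyword filter untouched, yet the parser hands the query layer the literal text `1 UNION SELECT`; the concatenating version fails because that text became SQL syntax, while the parameterized version simply finds no matching store.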
Lessons Learned:
This lab demonstrates that SQL injection can occur in XML input contexts and that weak WAF filters can often be bypassed using encoding techniques. Even if certain characters or keywords are blocked, attackers may still exploit the vulnerability by modifying the payload format. Proper defenses should rely on parameterized queries and secure query construction rather than simple input filtering.