Bypassing addslashes() using format string to get SQL Injection | Baby-sql @ HackTheBox

  • Published 30 Jun 2024
  • Baby sql is a Medium difficulty Web challenge from @HackTheBox. In this video we exploit a format string vulnerability to bypass the PHP addslashes() function and obtain SQL Injection against the target.
    === Timestamp ===
    00:00 Intro
    00:44 Source code analysis
    01:36 Creating a local copy of the script to debug
    02:02 Hosting with PHP the debug page and testing that it works
    02:23 Testing the behaviour of the program
    02:45 Looking up the addslashes() PHP function
    03:23 Looking up the vsprintf() PHP function
    03:44 Format string 101
    04:08 Discovering a format string vulnerability
    04:28 Finding a way to bypass addslashes() and evade the query
    04:55 Searching for a suitable SQL Injection attack
    05:31 Failing to dump tables because the error-based subquery returns more than 1 row
    05:27 Dumping tables, rows and the final flag
    06:45 Outro
    If you enjoyed the video leave a like and subscribe to my channel!
    For writeups in text format or other articles related to Ethical Hacking go to my blog: maoutis.github.io/
    ---
    Would you like to support my work? Offer me a virtual coffee :)
    www.buymeacoffee.com/0xbro
    Check out my socials:
    Twitter: / 0xbro1
    Linkedin: / mattia-0xbro-brollo-b4...
  • Science & Technology
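The root cause the video describes is a user-controlled string reaching the format argument of vsprintf() after addslashes() has already run, so the escaping is applied before the format directives are interpreted. The PHP below is an added illustration, not the challenge's source or the author's code: table, column and function names are assumptions, and it contrasts the unsafe pattern with a version that keeps the format string constant and binds the value as a parameter. It also shows that even benign input containing a `%` breaks the unsafe build.

```php
<?php
// Added example (not the challenge's or the video author's code). Table, column
// and function names are assumptions chosen for illustration.

// Vulnerable: addslashes() escapes ' " \ and NUL, but the escaped value is then
// embedded in the FORMAT argument of vsprintf(), so any % directive inside the
// user-supplied value is interpreted by vsprintf() after escaping has happened.
function build_query_unsafe(string $name): string
{
    $escaped = addslashes($name);
    $format  = "SELECT id FROM users WHERE name = '$escaped' AND role = '%s'";
    return vsprintf($format, ['member']);
}

// Hardened: the format string is a constant, user input never reaches it, and
// the database receives the value through a bound parameter.
function fetch_user_safe(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = :name AND role = :role');
    $stmt->execute([':name' => $name, ':role' => 'member']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Review/test helper: a user-controlled value containing '%' that is about to be
// used as a format string is the tell for this bug class.
function contains_format_directive(string $value): bool
{
    return strpos($value, '%') !== false;
}

// Demo against an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'member'), ('bob', 'admin')");

// Constructed sample inputs: a normal name, one with a quote, one with a '%'.
$inputs = ['alice', "o'brien", '50% off'];
foreach ($inputs as $input) {
    echo "input: $input\n";
    echo '  contains % directive: ' . (contains_format_directive($input) ? 'yes' : 'no') . "\n";
    try {
        // The unsafe query is only built here, never executed.
        echo '  unsafe build: ' . build_query_unsafe($input) . "\n";
    } catch (Throwable $e) {
        // A benign '%' already breaks the unsafe build (missing format argument).
        echo '  unsafe build failed: ' . get_class($e) . ': ' . $e->getMessage() . "\n";
    }
    $row = fetch_user_safe($pdo, $input);
    echo '  safe lookup: ' . ($row ? 'id ' . $row['id'] : 'no match') . "\n";
}
```

Run it with `php example.php`. The safe path returns a row only for `alice`; the quote and the `%` in the other two inputs are passed as data, not interpreted, which is the property addslashes() plus vsprintf() cannot give you.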
