A3:2021 | SQL Injection Intro (10) | Cycubix Docs

The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection. Learn more about Numeric SQL Injection.

Try It! Numeric SQL injection

The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection:

"SELECT * FROM user_data WHERE login_count = " + Login_Count + " AND userid = "  + User_ID;

Using the two Input Fields below, try to retrieve all the data from the users table.

Warning: Only one of these fields is susceptible to SQL Injection. You need to find out which, to successfully retrieve all the data.

Solution

The User_ID at the end is not part of the STRING so its going to be our vulnerable field.
We need to find statements that follows a technique for evaluating truth. We can insert 0 in the loging account and 1 OR 0=0.
Hint: You do not need to insert any quotations into your injection-string.
Login_count: 0

Further training

Visit Cycubix.com to find out more about our Application Security training courses. We also offer (ISC)² Official training for CISSP, SSCP, CCSP and CSSLP certifications.

PreviousA3:2021 | SQL Injection Intro (9) | Cycubix Docs NextA3:2021 | SQL Injection Intro (11) | Cycubix Docs

Last updated 25 days ago