Avishai's CTF Writeups


This folder contains solutions for the SQL injection wargame from Ringzer0.

ACL rulezzz the world

Here, I saw that the form sends our user with the POST method. So, using Burp Suite, I sent this user: `' or 1 -- `

Flag: FLAG-sdfoip340e89rfuj34woit


Login portal 1

Here we can't send `;`, `--`, `#` or any other comment character. So, let's send this as the username: `' or 1 or '`, and anything else as the password, for example `a`.

Flag: FLAG-4f885o1dal0q1huj6eaxuatcvn


Most basic SQLi pattern

Here we give the username `' or 1 -- ` and the password `b`.

Flag: FLAG-238974289383274893
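The two inputs used in the levels above (`' or 1 -- ` and `' or 1 or '`), run against a concatenated query, a comment-token blocklist like the one in "Login portal 1", and a parameterized query. This is an added example, not part of the original writeup or the challenge's code; it uses in-memory SQLite, and the table, columns, blocklist and stored password are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and plaintext password are assumptions
    # made only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, username, password):
    # Vulnerable: user input becomes part of the SQL text.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

BLOCKED = (";", "--", "#", "/*")  # assumed blocklist of comment/terminator tokens

def login_filtered(db, username, password):
    # Models a comment-character filter: reject the tokens, then concatenate anyway.
    if any(tok in username + password for tok in BLOCKED):
        return False
    return login_concat(db, username, password)

def login_param(db, username, password):
    # Hardened: placeholders keep the input as data, never as SQL syntax.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None

# Inputs quoted in the writeup above.
PAYLOADS = [("' or 1 -- ", "b"), ("' or 1 or '", "a")]

def run():
    db = make_db()
    return [(u, login_concat(db, u, p), login_filtered(db, u, p),
             login_param(db, u, p)) for u, p in PAYLOADS]

if __name__ == "__main__":
    for user, concat, filtered, param in run():
        print(f"{user!r:16} concat={concat} filtered={filtered} param={param}")
```

The second input contains no blocked token, so the blocklist lets it through; only the parameterized query rejects both.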


Po po po po postgresql

This is the query:

SELECT * FROM users WHERE (username = ('$username') AND ...

So, let's give this input: `')) or 1 --`

However, I get an error, because this is PostgreSQL, which requires a boolean operand for `or` and does not accept the integer `1` there.

So, let's give it a true boolean value instead of `1`: `')) or TRUE --`

Flag: FLAG-mdeq68jNN88xLB1o2m8V33Ld


Random Login Form

Here we need to log in as admin, so I created this user: ` admin` (note the leading space), with the password `123`. Then, when I log in with this username, the site recognizes me as the admin, because it strips the spaces.

Flag: FLAG-0Kg64o8M9gPQfH45583Mc0jc3u
