Tirvax

Reputation: 35

SQL injection MariaDB python CTF

I'm trying to get admin access to an app (CTF). The injection takes place in a login form, in the username input. I can bypass the user but not the password (invalid username at first; after my injection, I get invalid password). I have some trouble understanding the related Python code, especially the .replace('%', '%%').

Part of the error message:

if cursor.execute('SELECT password FROM users WHERE name=\'%s\'' % request.form['name'].replace('%', '%%')) == 0:

My payload is: admin' union select 1;--

Do you have any clues?

Upvotes: 2

Views: 5712

Answers (1)

Rick James

Reputation: 142518

At least escape backslash, apostrophe, and double quote. For example, turning

admin' union select 1;--

into

admin\' union select 1;--

would have prevented this case of SQL injection.

Upvotes: 3
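The formatted query from the question next to a bound-parameter query, as an added example that is not part of the original thread. It uses parameter binding rather than the manual escaping the answer describes, and assumes sqlite3 as an offline stand-in for MariaDB with a constructed users table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for MariaDB so this runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-hash-1"), ("o'brien", "constructed-hash-2")])
    return db

def rows_formatted(db, name):
    """Same pattern as the question's line: the input is spliced into the SQL text."""
    query = "SELECT password FROM users WHERE name='%s'" % name.replace('%', '%%')
    return len(db.execute(query).fetchall())

def rows_bound(db, name):
    """The input travels as a bound parameter and is never parsed as SQL."""
    # sqlite3 uses '?' as the placeholder; PyMySQL and mysqlclient use '%s'
    # with the same execute(sql, params) call shape.
    query = "SELECT password FROM users WHERE name=?"
    return len(db.execute(query, (name,)).fetchall())

def compare(db, name):
    """Return (formatted, bound) row counts; a driver error is reported by class name.

    The application in the question treats a count of 0 as 'invalid username'.
    """
    try:
        formatted = rows_formatted(db, name)
    except sqlite3.Error as exc:
        formatted = type(exc).__name__
    return formatted, rows_bound(db, name)

if __name__ == "__main__":
    db = make_db()
    for name in ["admin", "nobody", "o'brien", "admin' union select 1;--"]:
        print(repr(name), compare(db, name))
```

With the bound query, the payload from the question matches no user, and a legitimate name containing an apostrophe works instead of raising the kind of SQL error that exposed the source line.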
