0

I am working on Hack the VM (hard machine) for my OSCP preparation

There is a web app with two drop down boxes.. Year and month.. both contain numbers and a submit to fetch data from DB based on year and month

Now when I change the month value from 2,3,4,5 etc to /

I get this as an error

"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND MONTH(our_date) = 1 ORDER BY our_date DESC' at line 1

Which I believe is error based SQL injection

THe problem is when I try this in SQLMAP, I tried to increase the risk and level.. I dont get the parameter is injectable..

If i change value of month to 1' OR 1 = 1# , I get 502 bad gateway

How could I move on?

I read this link but not so helpful.

https://stackoverflow.com/questions/54809948/mariadb-sql-injection

Badddy
  • 43
  • 1
  • 4
  • Seems like there are a couple questions in here. The first one is getting the query to run under normal circumstances. For that, my understanding is that the MONTH function accepts a date string, not a integer. For the second question (assuming the web app is not escaping input), `1=1` is not a one size fits all injection. It is more of something you can use to see if websites are easily vulnerable(i.e. a bot would be programmed to use it). A targeted attack will require you to think about how the query is constructed, and how to break it. – iraleigh Jul 17 '20 at 21:51
  • @iraleigh yea i know that but how to find the querynia main udz..seems loike this query takesmijnput frol another query – Badddy Jul 17 '20 at 22:59

0 Answers0