- Hi.
- I have to pen test the Altoro Mutual site (https://demo.testfire.net) for a project. The site uses Derby DB.
- I have discovered that its login page is vulnerable to blind boolean SQLi.
- I have discovered that there is a table called accounts under the schema name APP (i.e. APP.accounts).
- I typed in
- Username: admin' and (select count(user) from app.accounts where user like '%a%')>0--
- Password: anything
- This tests whether there is a user that contains the letter 'a'. If the test succeeds, the Altoro Mutual site logs in. Otherwise it says "Login Failed: We're sorry, but this username or password was not found in our system. Please try again."
- I've tried the same test but this time iterated over a-zA-Z. It never succeeds in logging in, which tells me that maybe the username is not in the English alphabet. But this is unlikely.
- So my problem is I don't know why the LIKE operator doesn't return the result that is expected.
- I also tried
- Username: admin' and (select count(user) from app.accounts where user not like '%a%')>0--
- Password: anything
- And this time every iteration of a-zA-Z logs in. So this result also tells me the username does not contain a letter.
- Lastly this one works (it logs in)
- Username: admin' and (select count(user) from app.accounts where user like '%')>0--
- Password: anything
- Can you help me understand why the LIKE operator fails with user LIKE '%a%' and so on?
- THX
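The defender-side counterpart to the post above, as an added example that is not part of the original paste or of the demo site's code: a parameterized login lookup that treats the quoted payload strings as literal usernames (so they match nothing), next to a log/WAF heuristic that flags the boolean-injection shape. The account rows and attempt strings are constructed sample data.

```python
import re
import sqlite3

# Constructed sample account table; not the demo site's real data.
ACCOUNTS = [("admin", "hash-of-admin-pw"), ("jsmith", "hash-of-jsmith-pw")]

# The two payload shapes quoted in the post, plus an ordinary login, as constructed inputs.
ATTEMPTS = [
    "admin' and (select count(user) from app.accounts where user like '%a%')>0--",
    "admin' and (select count(user) from app.accounts where user like '%')>0--",
    "admin",
]

def open_db():
    """Create an in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", ACCOUNTS)
    return conn

def lookup_user(conn, username):
    """Parameterized lookup: the driver binds the value, so quotes, AND, subselects
    and '--' in the input are compared as literal characters, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

# Heuristic for a WAF or log rule: a quote followed by a boolean operator, a subselect,
# and a trailing comment sequence is the shape of a boolean-based injection attempt.
_INJECTION_RE = re.compile(r"'\s*(and|or)\b.*\bselect\b.*(--|#|/\*)", re.IGNORECASE)

def looks_like_boolean_sqli(username):
    """Return True when the submitted username matches the injection heuristic."""
    return bool(_INJECTION_RE.search(username))

def triage(attempts):
    """Return (username, matched_row, flagged) for each login attempt."""
    conn = open_db()
    return [(u, lookup_user(conn, u), looks_like_boolean_sqli(u)) for u in attempts]

if __name__ == "__main__":
    for username, row, flagged in triage(ATTEMPTS):
        print(f"{'FLAG' if flagged else 'ok  '} match={row!r} input={username!r}")
```

The regex is a coarse first-pass signal for alerting, not a substitute for the parameterized query, which is what actually closes the hole.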