While prepping for AWAE, I decided to play around with BWAPP. However, perhaps because the project is slightly outdated, some of the challenges cannot be completed as they stand.
I will be blogging about my solutions and work-arounds for some of the challenges I ran into.
SQL Injection (GET/Search) Medium/Hard:
This challenge is about bypassing PHP's addslashes() call. User input is sanitized by passing it through addslashes(), which puts a backslash in front of every single quote, so a quote in the input can no longer terminate the SQL string literal. Most (if not all) of the write-ups you find say that the bypass is to put the byte 0xbf in front of the single quote. The reason: the backslash is 0x5c, so after escaping the input contains the byte sequence 0xbf 0x5c 0x27, and in a multibyte character set the pair 0xbf 0x5c is read as one single two-byte character. The backslash is swallowed into that character and the quote that follows is left unescaped, which makes the backslash ineffective!
However, there's a catch! This only works for a few database character sets, namely multibyte ones where 0xbf is a valid lead byte (GBK is the classic example); with a single-byte connection charset the backslash stays where addslashes() put it.
Hence, in order to solve the challenge, I edited the source code of the server. Below is what I edited in sqli_1.php:
And with this I was able to solve the challenge!
I have PMed the author of BWAPP but have not been able to get any reply.
Please do let me know if you manage to solve this challenge without "cheating".