BWAPP SQL (GET/SEARCH)

While prepping for AWAE, i decided to try and play around with BWAPP. However, perhaps because the project is slightly outdated, there are some challenges that are unable to be done.

I will be blogging about my solutions/work-arounds for some of the challenges I faced.

SQL Injection (GET/Search) Medium/Hard:

This challenge tries to bypass the html addslashes call. User input is sanitized by passing through the addslashes function. This function will add a backslash in front of single quotes, thus preventing SQL injection. Most/all of the searches mention that to bypass this, append a “0xbf” before the single quotes. This is because in hex, the backslash character is 0x5C and “0xbf\0x5c\” will be interpreted as a character. Thus making the backslash ineffective!!

However there’s a catch! It only works for a few SQL character sets.

Hence…. in order to solve the challenge, i edited the source code of the server. Below is what i edited in sqli_1.php:

And with this i was able to solve the challenge!

I have pmed the author of BWAPP but unable to get any reply…

Please do let me know if u manage to solve this challenge without “cheating”.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store