BWAPP SQL (GET/SEARCH)
While prepping for AWAE, i decided to try and play around with BWAPP. However, perhaps because the project is slightly outdated, there are some challenges that are unable to be done.
I will be blogging about my solutions/work-arounds for some of the challenges I faced.
SQL Injection (GET/Search) Medium/Hard:
This challenge tries to bypass the html addslashes call. User input is sanitized by passing through the addslashes function. This function will add a backslash in front of single quotes, thus preventing SQL injection. Most/all of the searches mention that to bypass this, append a “0xbf” before the single quotes. This is because in hex, the backslash character is 0x5C and “0xbf\0x5c\” will be interpreted as a character. Thus making the backslash ineffective!!
Bypass Addslashes using Multibyte Character
I beleive this tutorial is nother unique or new as compared to other tutorials on Securityidiots. Tutorial related to…
However there’s a catch! It only works for a few SQL character sets.
Php addslashes sql injection still valid?
Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question. Provide details and share…
Hence…. in order to solve the challenge, i edited the source code of the server. Below is what i edited in sqli_1.php:
And with this i was able to solve the challenge!
I have pmed the author of BWAPP but unable to get any reply…
Please do let me know if u manage to solve this challenge without “cheating”.