We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed us to find a way to display and show the SQL query sent to the database after submitting the form. We discovered that the application encloses the SQL query with double quotes. With this information in hand, we tried injecting the form with manual SQL injection payloads while enclosing them with double quotes which resulted in successful login. This was part of OverTheWire War Games Natas Level 14

Natas Level 15 Level Password:

TTkaI7AWG4iDERzBcEyKV7kRXH1EZRB

Video Walkthrough

CTF Writeups, OverTheWire CTF, OverTheWire Natas Level 14, OWASP, sql inection

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Microsoft DREAD Framework Explained | Threat Modeling | TryHackMe

The MITRE ATT&CK Framework Explained | Threat Intelligence and Modeling | Part 1

Press ESC to close

SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Microsoft DREAD Framework Explained | Threat Modeling | TryHackMe

The MITRE ATT&CK Framework Explained | Threat Intelligence and Modeling | Part 1