SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed us to find a way to display and show the SQL query sent to the database after submitting the form. We discovered that the application encloses the SQL query with double quotes. With this information in hand, we tried injecting the form with manual SQL injection payloads while enclosing them with double quotes which resulted in successful login. This was part of OverTheWire War Games Natas Level 14

Get OSCP Certificate Notes

Natas Level 15 Level Password:

TTkaI7AWG4iDERzBcEyKV7kRXH1EZRB

Video Walkthrough

CTF Writeups, OverTheWire CTF, OverTheWire Natas Level 14, OWASP, sql inection

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Microsoft DREAD Framework Explained | Threat Modeling | TryHackMe

The MITRE ATT&CK Framework Explained | Threat Intelligence and Modeling | Part 1

Press ESC to close

SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

HackTheBox CBBH vs PortSwigger Web Security Academy: Full Breakdown

Web Hacking 101 with PicoCTF | CTF Walkthrough

Practical Coding in Cyber Security | HackTheBox Coding Challenges

Other stories

Microsoft DREAD Framework Explained | Threat Modeling | TryHackMe

The MITRE ATT&CK Framework Explained | Threat Intelligence and Modeling | Part 1