SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed us to find a way to display and show the SQL query sent to the database after submitting the form. We discovered that the application encloses the SQL query with double quotes. With this information in hand, we tried injecting the form with manual SQL injection payloads while enclosing them with double quotes which resulted in successful login. This was part of OverTheWire War Games Natas Level 14

Get OSCP Certificate Notes

Natas Level 15 Level Password:

TTkaI7AWG4iDERzBcEyKV7kRXH1EZRB

Video Walkthrough

CTF Writeups, OverTheWire CTF, OverTheWire Natas Level 14, OWASP, sql inection

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Press ESC to close

SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

OffSec Proving Grounds: Crane Walkthrough | OSCP Prep

HackTheBox Spookypass Challenge Writeup

HackTheBox Permx Writeup