PortSwigger | SQL injection with filter bypass via XML encoding

Solve PortSwigger Lab

SQL injection with filter bypass via XML encoding

This challenge prevents you from injecting SQL queries directly: a WAF detects your query, so you need to obfuscate your payloads.

NOTE: In this tutorial we will try to enumerate all the database information ourselves; we will not depend on the information about tables that is supplied with this challenge.

Steps:

1- Fire up your weapons (Burp) and access the lab.

2- Intercept the POST request; you will see that the parameters are passed in XML format.

3- Put any SQL syntax into the POST request and send it; you will see that the WAF detects your attack.

4- So we need to obfuscate our payload. You can use Hackvertor or any encoder; here I used an HTML encoder to obfuscate the payload, then ran a simple query to see whether I had bypassed the WAF or not.

5- Yes, the payload bypassed the WAF, so now we need to develop queries to retrieve information from this DB.

The first query returns all database tables, the second returns the columns of a selected table, and the final one retrieves the data from the selected table:

– UNION SELECT table_name FROM information_schema.tables

– UNION SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'users';

– UNION SELECT CONCAT(username,' -> ',password) FROM users;

Finally, we solved the challenge.
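Why the obfuscation in step 4 gets past the filter, seen from the defending side, as an added example that is not part of the original write-up or the lab: a filter that matches keywords on the raw body misses entity-encoded text that the XML parser later decodes, while a filter that decodes first, or an allow-list on the field, does not. The blocklist, the element names (`stockCheck`, `productId`, `storeId`) and the sample bodies are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed blocklist standing in for the WAF rules (not taken from the lab).
SQL_PATTERN = re.compile(r"\b(union|select|information_schema)\b", re.I)

def _parse(raw_body):
    """Parse the body; return None for anything that should be rejected outright."""
    if "<!doctype" in raw_body.lower():   # refuse DTDs, so no custom entities
        return None
    try:
        return ET.fromstring(raw_body)
    except ET.ParseError:
        return None

def naive_filter_blocks(raw_body):
    """Match keywords against the raw text, without decoding XML entities."""
    return bool(SQL_PATTERN.search(raw_body))

def normalizing_filter_blocks(raw_body):
    """Decode first (the parser resolves &#x..; references), then inspect."""
    root = _parse(raw_body)
    if root is None:
        return True                        # fail closed on unparseable input
    return any(SQL_PATTERN.search(el.text or "") for el in root.iter())

def store_id_is_valid(raw_body):
    """Allow-list check: the assumed storeId field must be a short integer."""
    root = _parse(raw_body)
    if root is None:
        return False
    value = root.findtext("storeId", default="")
    return re.fullmatch(r"\d{1,6}", value.strip()) is not None

# Constructed sample request bodies (element names are assumptions).
_WRAP = "<stockCheck><productId>1</productId><storeId>{}</storeId></stockCheck>"
BENIGN = _WRAP.format("1")
PLAIN = _WRAP.format("1 UNION SELECT NULL")
ENCODED = _WRAP.format("1 &#x55;NION &#x53;ELECT NULL")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("plain", PLAIN), ("encoded", ENCODED)):
        print(name,
              "naive blocks:", naive_filter_blocks(body),
              "normalizing blocks:", normalizing_filter_blocks(body),
              "storeId valid:", store_id_is_valid(body))
```

Filtering is only a second layer here: the root fix is for the application to bind the decoded value as a query parameter instead of concatenating it into SQL.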
