bWAPP - SQL Injection (POST/Select)


In this walkthrough, we will go through the SQL Injection (POST/Select) vulnerability section from bWAPP Labs. We will explore and exploit SQL injection in POST requests and select parameters, and learn how applications are affected by it. So, let's get started with the hacking without any delay.

SQL Injection (POST/Select)

Security: Low

  • Setting the security level to Low.

Security level Low

  • The application has a select control that lets the user pick a movie and displays information about it. As the Burp intercept shows, it issues a POST request to the sqli_13.php file, which in turn displays the output from the DB.

SQL Injection (POST/Select)

Burpsuite intercept

  • As this is a POST request, we cannot append our payloads to the URL directly; instead we have to use a proxy tool like Burp Suite to do this. So, I intercepted the request via Burp and added an apostrophe (') at the end of the movie ID, which causes an error. That's good, as it means the parameter might be vulnerable to SQL injection.

'

Producing a SQL error

SQL error

  • I used the payload below, which combines an out-of-range movie ID with an always-TRUE condition, and got a positive response.

999+OR+1=1--+-

Payload

SQL Injection confirmed

Security: Medium

  • Setting the security level to Medium.

Security level medium

  • I checked whether I could produce an error by adding an apostrophe ('), and it worked.

Producing an SQL error

SQL error

  • I used the payload below and it worked at the Medium level too, as we got a positive response.

9999+OR+1=1;

payload

SQL Injection (POST/Select)

Security: High

  • Setting the security level to High.

Security level High

  • Unable to produce an error at the High level, as the application is using prepared statements.

Burpsuite intercept

Select functionality

Payload

No Movies found
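What separates the three results is how the movie ID reaches the query. The following is an added example, not bWAPP's code and not part of the original walkthrough: it uses Python with an in-memory SQLite table as a stand-in, and the table contents, the function names, and the assumption that an intermediate defence only escapes quotes are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the lab's movie table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO movies VALUES (?, ?)",
                   [(1, "Sample Movie A"), (2, "Sample Movie B"), (3, "Sample Movie C")])
    return db

def lookup_concat(db, movie):
    # No defence: the POST value lands in an unquoted, numeric position.
    return db.execute("SELECT title FROM movies WHERE id = " + movie).fetchall()

def lookup_escaped(db, movie):
    # Assumed quote-escaping defence. The value is still concatenated, and a
    # payload without quotes passes through the escaping unchanged.
    escaped = movie.replace("'", "''")
    return db.execute("SELECT title FROM movies WHERE id = " + escaped).fetchall()

def lookup_prepared(db, movie):
    # Prepared statement: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT title FROM movies WHERE id = ?", (movie,)).fetchall()

def probe(db, lookup, value):
    """Return the number of rows found, or 'sql error' if the query broke."""
    try:
        return len(lookup(db, value))
    except sqlite3.Error:
        return "sql error"

if __name__ == "__main__":
    db = make_db()
    # Form-decoded versions of the inputs used in the walkthrough ('+' is a space).
    inputs = ["1", "1'", "999 OR 1=1-- -", "9999 OR 1=1;"]
    for lookup in (lookup_concat, lookup_escaped, lookup_prepared):
        for value in inputs:
            print(f"{lookup.__name__:16} {value!r:18} -> {probe(db, lookup, value)}")
```

Both concatenating versions return every row for the quote-free inputs and raise an SQL error on the apostrophe, while the bound version returns no rows for all of them, which matches the "No Movies found" result at the High level.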


Conclusion:


So, we finally completed all the security levels for the bWAPP SQL Injection (POST/Select) vulnerability. We looked at how the application is set up at each level and how the security controls implemented can be bypassed. Next, we can mitigate potential SQL injection attacks by performing input sanitization and using prepared statements or parameterized queries for every SQL query made by the application to the database. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup. Till then, "Keep Hacking".
