In this walk through, we will be going through the SQL Injection (POST/Select) vulnerability section from bWAPP Labs. We will be exploring and exploiting SQL Injection in POST requests and select parameters and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.
![bWAPP - SQL Injection (POST/Select) SQL Injection (POST/Select)](https://inventyourshit.com/wp-content/uploads/2024/02/8gpxc9.jpg)
Table of Contents
Security: Low
- Setting the security level to Low.
![bWAPP - SQL Injection (POST/Select) Security level Low](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223152.png)
- The application has a select functionality which is used to select movies as per the user’s wish and display information regarding that. As per the Burp intercept it issues a POST Request to sqli_13.php file which in turns displays the output from the DB.
![bWAPP - SQL Injection (POST/Select) SQL Injection (POST/Select)](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223222.png)
![bWAPP - SQL Injection (POST/Select) Burpsuite intercept](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223319.png)
- As this is POST request, we are unable to append our payloads to the URL directly instead we have to use a proxy tool like Burpsuite to to this. So, i intercepted the request via Burp and used the apostrophe (‘) at the end of the movie ID which causes an error. That’s good as it might be vulnerable to SQL injection.
'
![bWAPP - SQL Injection (POST/Select) Producing a SQL error](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223353.png)
![bWAPP - SQL Injection (POST/Select) SQL error](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223406.png)
- I used the below payload where i input an out of scope movie ID along with a TRUE statement and got a positive response.
999+OR+1=1--+-
![bWAPP - SQL Injection (POST/Select) Payload](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223610.png)
![bWAPP - SQL Injection (POST/Select) SQL Injection confirmed](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010223645.png)
Security: Medium
- Setting the security level to Medium.
![bWAPP - SQL Injection (POST/Select) Security level medium](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224407.png)
- I checked if i can produce an error by adding apostrophe (‘) and it worked.
![bWAPP - SQL Injection (POST/Select) Producting an SQL error](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224323.png)
![bWAPP - SQL Injection (POST/Select) SQL error](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224351.png)
- I used the below payload and it worked in medium level too as we got a positive response.
9999+OR+1=1;
![bWAPP - SQL Injection (POST/Select) payload](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224608.png)
![bWAPP - SQL Injection (POST/Select) SQL Injection (POST/Select)](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224623.png)
Security: High
- Setting the security level to High.
![bWAPP - SQL Injection (POST/Select) Security level Low](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224705.png)
- Unable to produce error in high level as the application is using prepared statements.
![bWAPP - SQL Injection (POST/Select) Burpsuite intercept](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224808.png)
![bWAPP - SQL Injection (POST/Select) Select functionality](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224820.png)
![bWAPP - SQL Injection (POST/Select) Payload](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224911.png)
![bWAPP - SQL Injection (POST/Select) No Movies found](https://inventyourshit.com/wp-content/uploads/2024/02/Pasted-image-20231010224924.png)
Also Read: bWAPP – SQL Injection (Login Form/User)
Conclusion:
![bWAPP - SQL Injection (POST/Select) Conclusion](https://inventyourshit.com/wp-content/uploads/2024/02/8gpx4j.jpg)
So, we finally completed all the security levels for the bWAPP SQL Injection (POST/Select) Vulnerability. We looked into the various ways how application has been set up in various levels and how we can bypass the security controls implemented. Next, we can mitigate the potential SQL Injection attacks by performing input sanitization and using prepared statements or parametrized queries for every SQL query made by the application to the database. On that note, i will take your leave and will meet you in next one with another bWAPP vulnerability writeup, till then “Keep Hacking”.