Bypassing addslashes() using format string to get SQL Injection | Baby-sql @ HackTheBox скачать в хорошем качестве

Bypassing addslashes() using format string to get SQL Injection | Baby-sql @ HackTheBox

Baby sql is a Medium difficulty Web challenge from ‪@HackTheBox‬ . In this video we are going to exploit a format string vulnerability in order to bypass the PHP addslashes() function and obtain SQL Injection against the target. === Timestamp === 00:00 Intro 00:44 Source code analysis 01:36 Creating a local copy of the script to debug 02:02 Hosting with PHP the debug page and testing that it works 02:23 Testing the behaviour of the program 02:45 Documenting about the addslashes() PHP function 03:23 Documenting about the vsprintf() PHP function 03:44 Format string 101 04:08 Discovering a format string vulnerability 04:28 Finding a way to bypass addslashes() and evade the query 04:55 Searching a suitable SQL Injection attack 05:31 Failing dumping tables because error-based subquery returns more then 1 row 05:27 Dumping tables, rows and the final flag 06:45 Outro If you enjoyed the video leave a like and subscribe to my channel! For writeups in text format or other articles related to Ethical Hacking go to my blog: https://maoutis.github.io/ --- Would you like to support my work? Offer me a virtual coffee :) https://www.buymeacoffee.com/0xbro Check out my socials: Twitter:   / 0xbro1   Linkedin:   / mattia-0xbro-brollo-b4129614b