#hack – M. Ștefan Cristian Infosec engineer navigating the digital & analog realms Wed, 06 Oct 2021 21:26:50 +0000 en-GB hourly 1 https://wordpress.org/?v=6.6.2 /wp-content/uploads/2021/10/icon.png #hack – M. Ștefan Cristian 32 32 SQL Injections showcase /2021/10/06/sql-injections-showcase/ Wed, 06 Oct 2021 20:43:49 +0000 /?p=137 Continue readingSQL Injections showcase

]]> This is my winning solution for a faculty SQL Injection contest I participated in 2021.

The main challenge was to find inventive and playful ways to exploit database connected applications that are vulnerable to this kind of attack.

Therefore, I used two applications: one that was entirely coded by me, and the other being a vulnerable webservice hosted on a Linux server. It was fun ( ͡° ͜ʖ ͡°) .

Below is the complete description of the exploitation process / write-up.

DB schema

The Github repo for this solution can be found here.

The above PDF and video demo can be found here.

]]>