SQL Injection Basic (Boolean)

Authored by Keniver

Easy SQL A03:2021 CWE-89 Injection

Description

Points: 50

This is the employee verification system of RiRiLa Company. By entering an employee's name, you can confirm whether they are an employee of RiRiLa. Use this system to practice SQL Injection techniques.

Unlike some systems that display detailed data, this system only indicates whether the input corresponds to an employee. You must leverage this binary output to extract information.

Your goal is to retrieve the result of the query SELECT flag FROM flag, where the flag content is the solution to this challenge.

Tips

Extracting data through the employee verification response resembles a Boolean-based approach, where the true/false output can be used to infer information.
Consider crafting queries that manipulate the system's response (e.g., using conditions like AND or OR) to deduce the flag content character by character.

Challenge URL/Files

SQL Injection Basic (Boolean)

Reference Materials

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Writeups

There is no content at the moment.

Would you like to submit one?

Categories

SQL Injection Basic (Boolean)

Description

Tips

Challenge URL/Files

Reference Materials

Writeups