Jump to content

Altoro Mutual site


gunitinug
 Share

Recommended Posts

Hi.

I have to pen test altoro mutual site(https://demo.testfire.net) for a project. The site uses DERBY DB.

I have discovered that its login page is vulnerable to blind boolean sqli.

I have discovered that there is a table called user under schemaname of APP (ie. APP.user).

I typed in

Username: admin' and (select count(user) from app.accounts where user like '%a%')>0--
Password: anything

This tests whether there is a user that contains a letter 'a'. If the test succeeds altoro mutual site logs in. Otherwise it says "Login Failed: We're sorry, but this username or password was not found in our system. Please try again."

I've tried the same test but this time iterated from a-zA-Z. But it never succeeds in logging in which tells me that maybe Username is not English alphabet. But this is unlikely.

So my problem is I don't know why LIKE operator doesn't return a result that is expected.

I also tried

Username: admin' and (select count(user) from app.accounts where user not like '%a%')>0--
Password: anything

And this time every iteration of a-zA-Z logs in. So this result also tells me Username does not contain a letter.

Lastly this one works (it logs in)

Username: admin' and (select count(user) from app.accounts where user not like '%')>0--
Password: anything

Can you help me why LIKE operator fails when user LIKE '%a%' and so on?

THX

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...