Infinity - SQL Injection - Login_Logic
A walkthrough of exploiting a Boolean-based SQL injection vulnerability in a login form on the Infinity platform. By injecting a true condition into the username field, we bypassed authentication without knowing any credentials.
Vulnerability: Boolean-based SQL Injection
Step 1: Identify the Input Field
Open the challenge and locate the Login form input field.
Step 2: Test for SQL Injection
Injecting a single quote and a double quote ('") produced an error.
First, let's imagine the SQL query behind the login form:
SELECT * FROM users WHERE username='User_input' AND password='User Input';
If we put '-- - in the username field, the password condition is commented out, and we can add a condition that is always true, such as 1=1.
Step 3: Inject the Form with a True Boolean Condition
Use ' or 1=1-- - in the username field so that the WHERE clause is always true and the password check is commented out.
Username: ' or 1=1-- -
Password: dummy
The login succeeded.
Key Takeaways
- Always try '" first
- Boolean-based SQL injection is high risk
Happy Hacking!



