Name: Login Bender
Description: Log in with Bender’s user account.
Difficulty: 3 star
Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html
The expanded description for this challenge takes care to point out that this is an “injection” challenge. The last time I logged in using injection it was to access the administrator’s account, because I correctly assumed it would be the account with the lowest user ID number. In this case, I would have to log into a specific user’s account in order to complete the challenge. Knowing how the data is sent from the login screen to the server, and knowing the Email field is vulnerable to SQL injection, it was a fairly simple process of deduction: all that was necessary to complete this challenge was to identify Bender as the user account I wanted to log into and apply the same SQL injection pattern that had worked for the admin account.
Prevention and Mitigation Strategies:
OWASP SQL Injection Mitigation Cheat Sheet
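To make the root cause and the fix from the cheat sheet concrete, here is an added example (not Juice Shop’s own code) that contrasts a login query built by string concatenation with one using bound parameters, against a constructed in-memory SQLite table; the table layout, column names and e-mail addresses are assumptions, not the project’s schema.

```python
import sqlite3

# Constructed sample data standing in for the Users table; the schema and
# addresses are assumptions for this example, not Juice Shop's own.
USERS = [
    (1, "admin@example.test", "hash-of-admin-password"),
    (2, "bender@example.test", "hash-of-bender-password"),
]


def _connect():
    """Fresh in-memory database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (id INTEGER, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", USERS)
    return conn


def login_concat(email, password_hash):
    """Vulnerable pattern: the email field is spliced into the SQL text, so a
    closing quote followed by a comment marker truncates the statement and the
    password comparison is never evaluated."""
    conn = _connect()
    sql = ("SELECT id, email FROM Users WHERE email = '" + email +
           "' AND password = '" + password_hash + "'")
    row = conn.execute(sql).fetchone()
    conn.close()
    return row  # (id, email) when a row matched, otherwise None


def login_param(email, password_hash):
    """Fixed pattern: bound parameters keep the email as data, never as SQL
    syntax, so the same input simply fails to match any account."""
    conn = _connect()
    sql = "SELECT id, email FROM Users WHERE email = ? AND password = ?"
    row = conn.execute(sql, (email, password_hash)).fetchone()
    conn.close()
    return row


if __name__ == "__main__":
    # Regression check a defender would keep: a login attempt that supplies a
    # quote-and-comment in the email field and no valid password.
    crafted = "bender@example.test'--"
    print("concatenated query:", login_concat(crafted, "not-the-password"))
    print("parameterised query:", login_param(crafted, "not-the-password"))
```

The concatenated version returns Bender’s row without a valid password while the parameterised one returns nothing; a login attempt whose email field contains a quote character is also a cheap thing to alert on in application logs.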
Lessons Learned and Things Worth Mentioning:
Nothing special. It’s cool to see that the SQL injection trick doesn’t only work for one user, but any user whose email address I know. Since I’ve got a complete list of users from both the Admin Section and Database Schema challenges, that means I can gather everything from addresses to credit card numbers from any user. Not ideal.