Advanced SQL Injection | TryHackMe walkthrough

Akintola John
3 min read · Jun 23, 2024


This is a solution and walkthrough.

SQL injection remains one of the most severe and widespread security vulnerabilities in web applications. This threat arises when an attacker exploits a web application’s ability to execute arbitrary SQL queries, leading to unauthorised access to the database, data exfiltration, data manipulation, or even complete control over the application. In this room, we will study advanced SQL injection techniques, covering sophisticated attack vectors and mitigation strategies.

Answers for this room:

Task 1:

  1. What is the port on which MySQL service is running?

ans : 3306

Task 2:

1) What type of SQL injection uses the same communication channel for both the injection and data retrieval?

ans : In-band

2) In out-of-band SQL injection, which protocol is usually used to send query results to the attacker’s server?

ans : HTTP

Task 3: Second-Order SQL Injection

  1. What is the flag value after updating the title of all books to “compromised”?

ans : THM{SO_HACKED}

2. What is the flag value once you drop the table hello from the database?

ans : THM{Table_Dropped}

Task 4:

  1. What is the MySQL error code once an invalid query is entered with bad characters?

ans : 1064

2. What is the name of the book where book ID=6?

ans : Animal Series

Task 5:

  1. What is the password for the username “attacker”?

ans : tesla

2. Which of the following can be used if the SELECT keyword is banned? Write the correct option only.

a) SElect

b) SeLect

c) Both a and b

d) We cannot bypass SELECT keyword filter

ans : c

Task 6:

  1. What is the output of the @@version on the MySQL server?

ans : 10.4.24-MariaDB

2. What is the value of @@basedir variable?

ans : C:/xampp/mysql

Task 7:

  1. What is the value of the flag field in the books table where book_id =1?

ans : THM{HELLO}

2. What field is detected on the server side when extracting the user agent?

ans : User-agent

Task 8:

  1. Does the dynamic nature of SQL queries assist a pentester in identifying SQL injection (yea/nay)?

ans : nay

Task 9:

  1. What command does MSSQL support to execute system commands?

ans : xp_cmdshell

Task 10:
