DynamoDB : SQL Injection Walkthrough
Today, I am going to write a walkthrough of the DynamoDB : SQL Injection lab, which is available at https://attackdefense.pentesteracademy.com/challengedetails?cid=2292
Step 1:
Go to https://yscpye9z66.execute-api.us-east-1.amazonaws.com/dev/
Step 2:
Step 3:
Write ' or '1' = '1 in both the username and password fields.
You will get an error:
The AttributeValue for a key attribute cannot contain an empty string value.
This error occurs because nothing is entered before the first quote (inverted comma), so the value sent for the key attribute is an empty string.
Step 4:
Now, again go to
https://yscpye9z66.execute-api.us-east-1.amazonaws.com/dev/
Step 5:
Now, enter demo ' or '1' = '1 in both the username and password fields.
Now, you will get a flag on the next page.
I am not sharing that flag here because of security concerns.
Step 6:
Now, go to
https://attackdefense.pentesteracademy.com/challengedetails?cid=2292
Step 7:
Click on Verify Flags
Step 8:
Enter your flag and verify it.
Congratulations! We have completed this lab.
Thank you so much for your time and attention.
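Why the inputs from Step 3 and Step 5 change the query, and what the hardened form of the login lookup looks like, as an added example that is not code from the lab or from this post. It assumes the backend builds a PartiQL statement by string concatenation and that username is the table's key attribute; the table name and all function names are hypothetical.

```python
import re

TABLE = "users"  # hypothetical table name; the page does not show the backend

def build_concatenated(username, password):
    """Weak form (assumed): input is pasted into the PartiQL text, so a quote
    in the input closes the string literal and the rest is parsed as syntax."""
    return {"Statement": f"SELECT * FROM {TABLE} WHERE username = '{username}'"
                         f" AND password = '{password}'"}

def build_parameterized(username, password):
    """Hardened form: constant statement text, values bound as typed
    parameters (the keyword shape boto3's execute_statement accepts)."""
    if not username or not password:
        # An empty username would be an empty key value, which DynamoDB
        # rejects (the Step 3 error); fail early with a generic message.
        raise ValueError("invalid credentials")
    return {"Statement": f"SELECT * FROM {TABLE} WHERE username = ? AND password = ?",
            "Parameters": [{"S": username}, {"S": password}]}

def literal_count(statement):
    """Number of single-quoted string literals in the statement text."""
    return len(re.findall(r"'[^']*'", statement))

def input_changed_query_shape(username, password):
    """True when input altered the statement beyond its two intended literals."""
    stmt = build_concatenated(username, password)["Statement"]
    return literal_count(stmt) != 2

if __name__ == "__main__":
    step5 = "demo ' or '1' = '1"  # the value entered in Step 5 of this page
    print(build_concatenated(step5, step5)["Statement"])
    print("shape changed:", input_changed_query_shape(step5, step5))
    print(build_parameterized(step5, step5))
```

With parameters, the Step 5 value reaches DynamoDB as one string compared against the key, so it matches no user unless an account with that exact name exists.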