DynamoDB : SQL Injection Walkthrough

Sami Ullah Saleem
Apr 23, 2022

Today, I am going to write a walkthrough of the DynamoDB : SQL Injection lab, which is available at https://attackdefense.pentesteracademy.com/challengedetails?cid=2292

Step 1:

Go to https://yscpye9z66.execute-api.us-east-1.amazonaws.com/dev/

Step 2:

Step 3:

Enter ' or '1' = '1 in both the username and the password fields.

You will get the following error:

The AttributeValue for a key attribute cannot contain an empty string value.\n"

This error occurs because nothing is entered before the opening single quote, so the key attribute ends up as an empty string.

Step 4:

Now, go back to:

https://yscpye9z66.execute-api.us-east-1.amazonaws.com/dev/

Step 5:

Now, enter demo ' or '1' = '1 in both the username and the password fields.

Now, you will get a flag on the next page.

I am not sharing that flag here because of security concerns.

Step 6:

Now, go to:

https://attackdefense.pentesteracademy.com/challengedetails?cid=2292

Step 7:

Click on Verify Flags

Step 8:

Enter your flag and verify it.

Congratulations! We have completed this lab.
Thank you so much for your time and attention.
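
Why the inputs in Step 3 and Step 5 behave differently, and what the fix looks like, as an added example that is not part of the original walkthrough or the lab's code. It assumes the login backend pastes form input into a PartiQL statement (the page does not show the backend); the table name, attribute names and helper functions are hypothetical.

```python
import re

TABLE = "users"  # hypothetical table name; the lab's real schema is not shown

def build_unsafe(username, password):
    """Vulnerable pattern (assumed): form input pasted into the statement text."""
    return {"Statement": f"SELECT * FROM {TABLE} WHERE username = '{username}' "
                         f"AND password = '{password}'"}

def build_safe(username, password):
    """Hardened form: '?' placeholders, values sent separately as typed strings."""
    return {"Statement": f"SELECT * FROM {TABLE} WHERE username = ? AND password = ?",
            "Parameters": [{"S": username}, {"S": password}]}

LITERAL = re.compile(r"'((?:[^']|'')*)'")  # PartiQL single-quoted string literal

def string_literals(statement):
    """Contents of each string literal the parser would see, in order."""
    return LITERAL.findall(statement)

def boolean_operators(statement):
    """AND/OR keywords that sit outside string literals, i.e. real query logic."""
    return re.findall(r"\b(?:AND|OR)\b", LITERAL.sub("''", statement), flags=re.I)

if __name__ == "__main__":
    step3 = "' or '1' = '1"       # input from Step 3
    step5 = "demo ' or '1' = '1"  # input from Step 5
    for label, value in (("benign", "demo"), ("step 3", step3), ("step 5", step5)):
        stmt = build_unsafe(value, value)["Statement"]
        # Step 3 yields an empty key literal; Step 5 yields 'demo ' plus extra ORs.
        print(label, "| key literal:", repr(string_literals(stmt)[0]),
              "| operators:", boolean_operators(stmt))
    # The parameterized statement text never changes with the input.
    print(build_safe(step5, step5))
```

The dictionary returned by build_safe has the keyword-argument shape that the boto3 DynamoDB client's execute_statement call accepts, so the input can only ever be compared as a string value and never parsed as query logic.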
