TryHackMe’s Advent of Cyber 2023 — Day 10 Writeup
Learning Objectives
In today’s task, you will:
- Learn to understand and identify SQL injection vulnerabilities
- Exploit stacked queries to turn SQL injection into remote code execution
- Help Elf McRed restore the Best Festival website and save its reputation!
SQL
Structured query language (SQL) is essential for working with relational databases and building dynamic websites. Even if you’ve never explicitly used SQL before, chances are you frequently interact with databases. Whether you’re checking your bank account balance online, browsing through products on an e-commerce website, or posting a status on social media, you’re indirectly querying and altering databases. SQL is one of the most popular languages that make this all possible.
Relational databases are structured data collections organised into tables, each consisting of various rows and columns. Within these collections, tables are interconnected with predefined relationships, facilitating efficient data organisation and retrieval. For example, an e-commerce relational database might include tables for “customers”, “orders”, and “products”, with relationships defined to link customer information to their respective orders through…