Skip to content
dante's blog
Go back

MHL Labs Food Store Writeup (simple)

hi, this one is a simple writeup for MHL Labs called Food Store, which is a lab designed to learn how sqli can also happen in android app

first, i decompiled the apk to understand the logic behind it using jadx

foodstore16

i focused on understanding the signup activity because the challenge instruction said so foodstore1 i found another class that handles the database logic: dbhelper foodstore2
in dbhelper, i saw the query that runs when a user submits the signup form foodstore3 after that, i tried to manipulate the query by injecting payload into the username field to set ispro to 1. the payload i used was

hacker', 'password123', 'testing', 1); --

foodstore4 the user was created successfully foodstore6 but when i tried to log in with those credentials (hacker:password123), the app crashed foodstore8foodstore9 that meant i missed something. i checked dbhelper again and found that the password and address fields are encoded before being sent to the database foodstore10 this means my first payload bypassed the encoding logic and stored the values as plaintext, which caused an error during login

so i changed my payload to include base64-encoded values for the password and address fields foodstore11
my payload now is like this 

hackertest123', 'cGFzc3dvcmQxMjM=', 'cGFzc3dvcmQxMjM=', 1); --  


and i try to signup one more time  foodstore12

and signup success
foodstore13 after that i try to log in with

hackertest123:password123

foodstore14 and i successfully logged in as a pro user foodstore15 done



Next Post
MHL Lab Strings Writeup