Inj3ction Time
100 points Hard

I stumbled upon this website: http://web.ctflearn.com/web8/ and I think they have the flag in their somewhere. UNION might be a helpful command

Flag
Rating 4.71
5
4
3
2
1

Discussion

Good Challenge i used splmap in Linux

0

Hackbar

0

sqlmap is a blessing from jeebus

0
Protected
0

Thanks

0
Protected
1

Nice Challenge , it took almost 1h to refresh my skills and solve it , but i need more complex Examples rather than redtiger , if someone have more complex examples please leave the link ....

-1

BBBBBBBBOOOOOOOOOOOTTTTTTTTTTTTTAAAAAAAAAAKKKKKKKKKK!!!!!!!!!!!!

-6

now it would actually be hard if you didn't give away the part that requires thinking, which is to use UNION and ORDER BY

0

thats really good practice but its med level , some hints for starters : 1- check first what is url looks like before and after send data so you can know about filtering . 2- union is 1st step for any sqli, so read more about it . 3- after that you can see clearly how you can write your injection queries without blocking filters . 4- now , what you looking for is two things mainly : () - tables () - coulmns , after all that => you will find the REAL flag .

0