Inj3ction Time
100 points Hard

I stumbled upon this website: http://web.ctflearn.com/web8/ and I think they have the flag in there somewhere. UNION might be a helpful command.

Rating 4.70

Discussion

That's really good practice but it's med level. Some hints for starters:
1. Check first what the URL looks like before and after sending data, so you can know about filtering.
2. UNION is the 1st step for any SQLi, so read more about it.
3. After that you can see clearly how you can write your injection queries without blocking filters.
4. Now, what you are looking for is two things mainly: tables and columns. After all that => you will find the REAL flag.

0

I'm confused. I tried the commands shown in the comments but nothing returned. Has this challenge changed since the comments were posted?

0

I used sqlmap, used the opportunity to learn about sqlmap.

1

Should be considered an easy injection question, solvable without using any tool with just manual trial and error in a couple of minutes. Now it would actually be hard if you didn't give away the part that requires thinking, which is to use UNION and ORDER BY.

-1

I swear I knew SQL for SQLi like 2 months ago and I just forgot most of it ☠️

3

Needs a basic understanding of UNION and ORDER from an SQL injection perspective.

0

A beautiful concept explained here, as it focuses on SQLi using UNION.

0

Is it by design that https://web.ctflearn.com/web8/fade.js is missing and returns 404 when the browser tries to load it?

0

show tables in information_schema.tables then show column in information_schema.columns

3
Protected
0

https://blog.csdn.net/arbitraty/article/details/80202040 and https://blog.csdn.net/qq_32863631/article/details/83024322: these help me a lot.

-5

Idiots

0

Doesn't really help when you don't speak Chinese lol

3