hint please
hint pls
(Contains what could be construed as hints or spoilers.)
.
.
.
I read the code.
I found the endpoint vulnerable to SQL injection.
I found the right combination of sqlmap options. This worked in under 1 second on the local docker instance and took about 10 minutes against the live system.
I got the flag and submitted it.
I can't help but think there is a more elegant way to solve this, which involves subverting the blind-but-vulnerable endpoint to manipulate the database, then using the useful but non-vulnerable endpoint to retrieve the modified entry. Or am I just overthinking it?
Guys really struggling with SQLMap. Tried multiple SQLMap flags, still no success. This is difficult or I'm stuck in a rabbit hole. Can someone help please as my head scratching has been going on for 3 weeks now.
I am just repeatedly getting "All tested parameters do not appear to be injectable"
Guys really struggling with SQLMap. Tried multiple SQLMap flags, still no success.
What flags have you tried?
HTB{f4k3_fl4_f0r_t35t1ng}
I was using this flag to better understand what sqlmap was doing.
(-r req.txt --proxy=http://127.0.0.1:8080)
I don't know why but burpsuite modifies headers and so injection was not possible.
Removed proxy flag and worked just fine.