Official Pentest Notes Discussion

Official discussion thread for Pentest Notes. Please do not post any spoilers or big hints.

2 Likes

Good challenge, kudos to the author.
I have learned a few new things.
The biggest hint, same as in the case of POP Restaurant, is to build the application locally and watch the error messages. The vulnerability is very easy to spot; however, the payload can be a little tricky.
As always, if anyone needs help, feel free to DM me.

2 Likes

Hello, could you help please, could find a payload :confused: with sqlmap

EDIT: found the flag: the payload is tough to find, but the vulnerability is easy

I can now execute bash, but I cannot rebound the shell. Is this normal?

If you can execute OS commands, you don’t need to acquire a stable reverse shell. Just grab the flag.

Thanks, FINALLY I found a way to get the flag, very cool

Hi guys, need help with this challenge. Please DM.

I have found the SQL injection vuln, but can’t find the right payload to get RCE. Could someone give me a hint?

I know, but I still can’t find a working payload for RCE

I have RCE, but it seems like I can’t get a revshell to work. Any ideas on how to exfiltrate the flag?
Thanks!

EDIT: NVM, got it!

I’m glad to hear you found the flag!

Can’t manage to get RCE after manually enumerating the whole database. Any nudge?

Guys, I’ve been stuck for hours. Can someone message me with a solution or a hint?

Revshell working locally, but not remotely, kek

Hey, can I DM? I found the vuln but my payload is giving me a 500 error

Can I DM someone with a question?
I can do a lot of useful privileged things but I cannot find the right payload to do other things