On Case5 OR SQLi, Detect and exploit (OR) SQLi vulnerability in GET parameter id, I got the flag but upon submission it says it is incorrect. Anyone else have an issue with this flag?
Yes I have the same issue. Any solution?
1 Like
same here.what should we do?
did you find what is the problem?
The hint suggests running the dump a couple times to make sure the flag is correct. Try doing that but don’t forget to delete the previous output in ~/.local/share/sqlmap/output/ otherwise it’ll just get reloaded.
Same, got the flag and its not accepting it. Solution?
flag5 uses a time-based sql injection. this is vulnerable to network lags. basically if the network is lagging you may end up with false positives. a correct character may take too much time to get back to sqlmap that then considers it wrong. if your flag is wrong, rerun sqlmap without the cached info, which means with --fresh-queries and/or --flush-session. good luck.
1 Like