TAMU CTF 2019 web writeups (Bird Box Challenge)
Team: MTA256
When we connect to the website, we are offered a basic homepage with a search box.
Let’s use Burp Suite to read the HTTP requests and responses:
Let’s forward it to repeater:
I tried an SQL injection on the URL parameter named Search. The first thing I tried to inject was 'UNION SELECT 1#, and then I got the perfect response:
If you try version() you will not find anything interesting:
but user() gives me the flag :)
I would like to thank the author of this challenge in particular and the TAMU team in general. This task was very educational about one of the strongest classes of vulnerability. I hope that my writeup will help everyone who reads it.