A Simple Question – Points: 650
Problem Statement
There is a website running at (link). Try to see if you can answer its question.
Testing input as invalid
Response
Let’s extract the correct answer using blind SQli
But first I want to know the length of answer
Found length in burp after intruding 1-20 numbers were used as payload.
Now crafting another request with 14 placeholders/underscores and payload set to 0-9 and a-z that is 10 + 26 = 36 for each request(14)
Total requests = 36 * 14 = 504
Response
Testing with found answer 😃
but it was incorrect even with uppercase 41ANDSIXSIXTHS. 😡
Maybe its a number?
42 incorrect too 😂😠
Let’s try this
Gotcha !
Thanks for reading!
wiks3c 