Home page View source Hmm.. interesting parameter id let’s check that. Hex dump of image is fetched. Testing the parameter for possible SQLi http://35.237.57.141:5001/a6d92f8421/fetch?id=2-1 Outputs id=1 (same result) So… SQL injection? Yes 😁 Manual Enumeration Query is evaluated as true if it returns page with hexdump of valid id 1 or 2. In these cases […]
Hi guys back again in this series if you followed up my previous post (1 / 3) Back to login page We did find ginger:nadia as valid credentials but there’s more to this login page and back end mysql database. Since we already found blind SQLi let’s level up our enumeration. There are two ways […]
A Simple Question – Points: 650 Problem Statement There is a website running at (link). Try to see if you can answer its question. Testing input as invalid Response Let’s extract the correct answer using blind SQli But first I want to know the length of answer Found length in burp after intruding 1-20 numbers […]
wiks3c 