Difficulty: Practitioner 🎯 Goal To solve the lab, perform a SQL injection UNION attack that returns an additional row containing the value provided. Value provided: 'abc' ✅ Solution First we ...
🕸️ PSA - SQLi 3 - UNION attack, determining the number of columns returned by the query
Difficulty: Practitioner 🎯 Goal To solve the lab, determine the number of columns returned by the query by performing a SQL injection UNION attack that returns an additional row containing null ...
🕸️ PSA - SQLi 2 - SQLi Allowing Authentication Bypass
Difficulty: Apprentice 🎯 Goal To solve the lab, perform a SQL injection attack that logs in to the application as the administrator user. ✅ Solution In the Username field of the Login form: a...
🕸️ PSA - SQLi 1 - SQLi in WHERE clause
Difficulty: Apprentice 🎯 Goal Show all the products no matter the category. ✅ Solution Initial request: <website>/products?category=Gifts With payload: <website>/products?categ...
🟢 HTB - Nibbles
Let's walk through the box Nibbles, an easy-rated Linux box that showcases common enumeration tactics, basic web application exploitation, and a file-related misconfiguration to escalate privileges...
🔵 HTB - Meow
What does the acronym VM stand for? Virtual Machine What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN con...
🔵 HTB - Fawn
What does the 3-letter acronym FTP stand for? File Transfer Protocol Which port does the FTP service listen on usually? 21 What acronym is used for the secure version of FTP? SFTP What is t...
THM - Hack Park
Coming soon 🚧
THM - Game Zone
Game Zone is the 4th challenge of the Advanced Exploitation module. The introduction of the challenge says that we will perform some SQL injection manually, then with SQLMap. Plus we will do...