
Sunday, 25 October 2015

TUM CTF Teaser: webshop (Web) Write-up

Well, I found this shop and their offers are quite awesome, but something here smells... fishy. 1.ctf.link:1124

1. Access http://1.ctf.link:1124 and look around. I found that this site uses a free web template from freewebsitetemplates.com.

2. Try view-source to find something interesting, but nothing was found. I think it is just a static website.

3. Found something interesting in the search form, whose action is search.php.

4. It should have a name="search", right? But it has value="search" only.

5. Try to search and intercept the request with Burp Suite; the value that I entered in the search box is not found in the request. :)

6. Add the search parameter to the POST request and copy all the lines to webshop.txt.

7. Use sqlmap with the -r option to load the HTTP request from a file, and set -p "search" to inject into the search parameter.

8. SQL injection vulnerability found in the search parameter! Try to find tables and columns, dump the data and get the flag!

Flag: hxp{this_is_just_a_place_holder}
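
The root cause behind the steps above, as an added example that is not part of the original write-up or the challenge's code: a handler that still reads a POST `search` parameter the form never sends, first concatenated into the SQL text and then bound as a parameter. The schema, function names and request bodies are assumptions constructed for illustration, with Python and SQLite standing in for the unseen search.php.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed sample data; the real shop's schema is not shown in the write-up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price REAL, visible INTEGER);
        INSERT INTO products VALUES ('salmon', 9.5, 1), ('trout', 7.0, 1),
                                    ('unreleased', 0.0, 0);
    """)
    return db

def search_term(post_body):
    # The server parses whatever body arrives. An <input> without name= is
    # simply not sent by browsers; other clients can still supply the field.
    return parse_qs(post_body).get("search", [""])[0]

def search_vulnerable(db, post_body):
    # Weak: the parameter becomes part of the SQL text, so a quote in it
    # can end the string literal and change the WHERE clause.
    term = search_term(post_body)
    sql = ("SELECT name, price FROM products "
           "WHERE visible = 1 AND name LIKE '%" + term + "%'")
    return db.execute(sql).fetchall()

def search_hardened(db, post_body):
    # Fixed: the parameter is bound as data; the query shape is constant.
    # (% and _ in the term still act as LIKE wildcards, which is not injection.)
    term = search_term(post_body)
    sql = ("SELECT name, price FROM products "
           "WHERE visible = 1 AND name LIKE '%' || ? || '%'")
    return db.execute(sql, (term,)).fetchall()

# Constructed url-encoded request bodies.
BROWSER_BODY = ""                          # the form as shipped sends no search field
NORMAL_BODY = "search=trout"               # field added by hand, benign value
CRAFTED_BODY = "search=x%27+OR+1%3D1+--+"  # decodes to: x' OR 1=1 -- 

if __name__ == "__main__":
    db = make_db()
    for body in (BROWSER_BODY, NORMAL_BODY, CRAFTED_BODY):
        print(repr(search_term(body)))
        print("  vulnerable:", search_vulnerable(db, body))
        print("  hardened:  ", search_hardened(db, body))
```

Leaving `name=` off the form field only changes what browsers send; the server-side query has to be parameterized either way.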

