September 17, 2022 at 10:29 AM
Hi guys,
I discovered a SQL Injection point in the URL:
http://ip:port/view/2'%20or%201=1;--
With sqlmap I could dump the sqlite database and I saw the same results as I saw in the source code.
I think that the challenge is to modify something into the database in order to show the flag file in the website using a pickle deserialization.
templates/item.html: {% set item = product | pickle %}
templates/index.html: {% set item = product.data | pickle %}
Any hint about how to continue, please?
I discovered a SQL Injection point in the URL:
http://ip:port/view/2'%20or%201=1;--
With sqlmap I could dump the sqlite database and I saw the same results as I saw in the source code.
I think that the challenge is to modify something into the database in order to show the flag file in the website using a pickle deserialization.
templates/item.html: {% set item = product | pickle %}
templates/index.html: {% set item = product.data | pickle %}
Any hint about how to continue, please?