(October 24, 2022, 01:50 PM)Hacker2222 Wrote: 请在这里讨论


逆转挑战：
感谢@HTBContestant

(October 25, 2022, 02:42 AM)4ndtips2020 Wrote: Its working

(October 24, 2022, 09:46 PM)lnf02 Wrote: Hey guys @Hacker2222, I found the solution for this Web challenge, doesn't seem to be like a "easy" challenge, more like a medium challenge...

basically you need to work with nested queries, the register API is vulnerable, due to the fact that is using "insert" without any sanitization on the user's input, so... you need to bypass the "user already exists" check, and after that nest your real query. The thing is, you should be able to manipulate almost perfectly the password column but is useless... BUT SQL has a built-in function to UPDATE the field where there's a "duplicated" field... Maybe you are understanding what I'm talking about, maybe you are just looking for the god dam flag (script kiddie xD)

In other words:

You need to create a query that is able to bypass the "username already exist" check and after that, check for a duplicated value with the username=admin

If you really want to understand all the logic behind this SQLi, I recommend you to read this 

https://www.w3schools.com/sql/sql_union.asp
https://stackoverflow.com/questions/8043908/how-do-i-force-an-insert-into-a-table-with-a-unique-key-if-its-already-in-the-t

Here's the high level SQLi

(October 24, 2022, 01:50 PM)Hacker2222 Wrote: thanks


reversing challenge:
thanks @HTBContestant