Advent of Cyber 2023 - [Day 10] Inject the Halls with EXEC Queries
Day 10 Questions and Answers: ✅
1. Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?
Ans: /giftsearch.php
2. Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?
Ans: ODBC Driver 17 for SQL Server
3. Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?
Ans: THM{a4ffc901c27fb89efe3c31642ece4447}
4. What flag is in the note file Gr33dstr left behind on the system?
Ans: THM{b06674fedd8dfc28ca75176d3d51409e}
5. What is the flag you receive on the homepage after restoring the website?
Ans: THM{4cbc043631e322450bc55b42c}
If you enjoyed this task, feel free to check out the Software Security module.
Link: https://tryhackme.com/room/adventofcyber2023