
Advent of Cyber 2023 - [Day 10] Inject the Halls with EXEC Queries - TryHackMe



Day 10 Questions and Answers: ✅


1. Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?

Ans: /giftsearch.php


2. Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?

Ans: ODBC Driver 17 for SQL Server


3. Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?

Ans: THM{a4ffc901c27fb89efe3c31642ece4447}


4. What flag is in the note file Gr33dstr left behind on the system?

Ans: THM{b06674fedd8dfc28ca75176d3d51409e}


5. What is the flag you receive on the homepage after restoring the website?

Ans: THM{4cbc043631e322450bc55b42c}


If you enjoyed this task, feel free to check out the Software Security module.


Link: https://tryhackme.com/room/adventofcyber2023
