Skills Assessment
Task
You are given access to a web application with basic protection mechanisms. Use the skills learned in this module to find the SQLi vulnerability with SQLMap and exploit it accordingly. To complete this module, find the flag and submit it here.
What’s the contents of table final_flag?
Attempt
Accessing the specified IP address and port led to the Minishop website. The website looks massive and there seems to be a broad attack surface. But since this is a SQLi module I thought the contact form would be the target.
With the dev tools turned on, I sent a form filled with random stuff. Somehow Chromium didn’t capture the request so I fired up Burp. Okay, looks like this form is fake.
After clicking around the website I found the add to cart button actually worked and it sent a POST request to action.php with JSON data {id:1}.
Now it’s time to fire sqlmap:
sqlmap http://94.237.53.57:44959/action.php --data='{"id": 1}' --batch --dump
Didn’t work. Guess there’s some kinda protection. Tried to bypass and also raised risk and level:
sqlmap http://94.237.53.57:44959/action.php --data='{"id": 1}' --batch --dump --risk 3 --level 5 --random-agent --tamper=between -T final_flag
This took quite long, long enough for me to grab some grub but worked. Finally got the flag.
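A defensive counterpart to the bypass above, as an added example that is not part of the original write-up or the target application: a handler that accepts the JSON id only as a plain integer and binds it as a query parameter, so operator rewrites such as the between tamper never reach the SQL text. The products table and the names make_db, parse_id and add_to_cart are hypothetical, and SQLite stands in for whatever database action.php uses.

```python
import json
import sqlite3

# Constructed stand-in for the shop database; table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "lamp"), (2, "chair")])
    return db

def parse_id(raw_body):
    """Return the product id from a JSON body, or None unless it is a plain positive integer."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):
        return None
    if not isinstance(body, dict):
        return None
    value = body.get("id")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        return None
    return value

def add_to_cart(db, raw_body):
    """Hypothetical handler: returns (status, product name or None)."""
    product_id = parse_id(raw_body)
    if product_id is None:
        return 400, None  # rejected before any SQL is built
    # Bound parameter: the value travels as data, never spliced into the statement text.
    row = db.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return (200, row[0]) if row else (404, None)

# Constructed request bodies: one normal request and several that must not reach the query.
SAMPLES = [
    '{"id": 1}',
    '{"id": "1 AND 5 BETWEEN 5 AND 5"}',  # comparison rewritten with BETWEEN
    '{"id": "1"}',                        # numeric string, still not an integer
    '{"id": true}',
    '{"id": 99}',                         # valid type, unknown product
]

if __name__ == "__main__":
    db = make_db()
    for body in SAMPLES:
        print(body, "->", add_to_cart(db, body))
```

Type validation here does not depend on recognising any particular keyword or character, which is why it holds where a pattern-based filter does not.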