See how the challenge was created on the @LiveOverflow channel:
• Design Flaw in Securit...
📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
This video is a solution to the Amazing Crypto WAF challenge from ALLES! CTF. The task was created by one of the most popular YouTubers in our industry, LiveOverflow. The solution involved bypassing the WAF (Web Application Firewall), exploiting a blind SQL injection and decrypting the flag.
Exploit code:
gist.github.com/gregxsunday/6...
Timestamps:
00:00 Intro
00:47 See how the challenge is built
01:40 Detecting the SQL injection
03:20 Bypassing the WAF
05:30 Constructing the SQL query
06:33 Decrypting the flag
08:14 Exfiltrating the data using blind SQL injection
#ctf #writeup