Orbital

The page looks like this:

look at the code:

and password verify function looks like this:

so sql injection:

admin\"

so we unleash sqlmap over it:

ichliebedich

sqlmap -r request.txt --batch --dump

so we have the export functionality to get the file:

look at the Dockerfile:

when we give the payloaD:

HTB{T1m3_b4$3d_$ql1_4r3_fun!!!}

Last updated 10 months ago