pretty sure i know what i’m supposed to be doing, but i’m struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way
would appreciate a nudge via pm
EDIT: nevermind, i expected this to be the way more complicated option because i’ve been fiddling with it earlier yesterday m)
Challenge done. Great challenge but it should be worth 50 points imo. Learned some new WAF bypass tricks for this kind of attack. @snuggles already pointed a useful hint here for the last part.
Wow, what a challenge, thanks @ahmed, this has been the most difficult web challenge I have done so far on htb, not ezpz at all!!
But learned a lot more thanks.
One thing I want to say, this challenge is not a 20 points challenge, at least not from my noob point of view
Hi, I’m stuck on bypassing the second notice. I’ve tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!
would be nice if someone would be kind enough to guide me through this challenge.
I also stuck on the 2nd and really wanted to solve this and learn the things that this challenge need.
please PM me!
i’m stuck in sqli i got all databases but can’t extract tables names, it looks like WAF blocks built-in functions like: H**, CR, U*H AND → ifrtn_shm…
Do i need to look for more built-in functions in sql that are not blocked by the firewall ??
pm me