I understand what type of SQLi that is and what tool I need to use to automate its exploitation, but I’m unable to bypass the ■■■■ WAF. If only ’ and ( would be excluded from regexp I’d have no problems. I must be missing something.
Okay, I think I managed to bypass the WAF, but I have no clue how to proceed any further regarding suitable SQL injection techniques. Maybe I just know too little about it, and the fact that the script suppresses any errors doesn’t make it better.
Very nice challenge. I did learn not to fully trust automated tools.
The tool you would use already has a script that manipulates the payload; however, it is not recognized as encoding.
Great challenge! It took me a while to get a flag but I’ve finally done it. As already mentioned in this topic, the tool you want to use for this already has a suitable script.
Finally I solved it, nice challenge. It’s easy to overthink it, so my suggestion to those who are struggling would be to keep things simple and don’t forget that it’s 40 points only.
I am really stuck on this one. I have been trying some of the tools, and just playing around with input in Burp, but still can’t seem to get anywhere. Any hints?