H@cktivitycon 2021 - Web

More late CTF writeups for the H@cktivitycon 2021 web category.

HackTheBox - Validation

Second-order SQL injection

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

HackTheBox - Magic

SQLi for login bypass and a webshell embedded in an image file