sanitize writeup
Challenge name: sanitize
Difficulty: Easy
Challenge Scenario: Can you escape the query context and log in as admin at my super secure login page?
Link: https://app.hackthebox.com/challenges/sanitize?tab=play_challenge
Machine IP: 154.57.164.83:32652
Navigated to the site and it's a login form.

Right away it looks like SQL injection.
' OR 1 = 1 –
And it responded with this (I realized later that my notes had an em dash instead of two hyphens for the comment).

Fixed the comment sequence, it worked, and I got the flag.
' or 1=1 -- -
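To show what that payload does to the query, here is an added example that is not part of the writeup and does not use the challenge's real backend: it assumes a SQLite table of plaintext usernames and passwords (constructed sample data) and puts a string-concatenated login next to a parameterised one, so you can see the bypass succeed against the first, the em dash version fail with a SQL error, and the bound-parameter version ignore the payload entirely.

```python
import sqlite3

# Constructed sample data: a tiny users table standing in for the challenge's
# backend (the real schema and DBMS are not shown in the writeup).
USERS = [("admin", "s3cr3t-admin-pw"), ("guest", "guest")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def vulnerable_login(conn, username, password):
    """String-concatenated query: user input becomes part of the SQL text."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        # A payload that breaks the query (for example the em dash that the
        # writeup's notes contained instead of "--") produces a SQL error,
        # which the application surfaces as a failed login.
        return None
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    conn = make_db()
    bypass = "' or 1=1 -- -"   # the payload that worked in the writeup
    broken = "' or 1=1 — –"    # the em dash / en dash version that did not
    return {
        # closes the quote, makes WHERE always true, comments out the rest;
        # the first row (admin) comes back without any password
        "vuln_bypass": vulnerable_login(conn, bypass, "x"),
        # the dashes are not a comment marker, so the query is malformed
        "vuln_broken": vulnerable_login(conn, broken, "x"),
        "vuln_honest": vulnerable_login(conn, "guest", "guest"),
        # the same payload is just an unmatched username here
        "safe_bypass": safe_login(conn, bypass, "x"),
        "safe_honest": safe_login(conn, "guest", "guest"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The trailing `-` in `-- -` is the usual habit of putting a character after the comment marker so that whitespace following `--` survives any trimming; MySQL in particular requires a space after `--` before it treats it as a comment. The fix on the application side is the parameterised form: binding `username` and `password` as values means the quote and the comment marker never reach the SQL parser.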

GG