webProhard
Не Уцуцуга (Ne Utsutuga)
hackerlab
Task: Web application with registration form where standard SQLi doesn't work. Solution: Fragmented SQL Injection via backslash escape - adding backslash at end of email field escapes the closing quote, allowing profession field to contain SQL code. Used DIOS technique to extract admin credentials.
$ ls tags/ techniques/
sql_injectionmysqlfragmented_sqliinsert_injectionbackslash_escapediosregistration_formmulti_field_injectionquote_escape
Fragmented SQL Injection via backslash escapeDIOS (Dump In One Shot) for data extractionMulti-field INSERT injectionBackslash quote escape bypass
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Pryzhok— hackerlab
- [web][Pro]No Quotes— uoftctf2026
- [web][Pro]ПОСТимся (Posting/Fasting)— hackerlab
- [web][Pro]Ограничения (Restrictions)— hackerlab
- [web][Pro]Безопасное хранилище (Secure Storage)— hackerlab