[web][Pro][hard]
Nova Arts
hackerlab
Task: exploit a Flask web app whose TrackingId cookie is vulnerable to blind SQL injection against SQLite. Solution: use CASE WHEN with LOAD_EXTENSION as an error oracle (X-Theme header change), extract the admin credentials by binary search via cookie injection, then log in to /admin.
$ ls tags/ techniques/
binary_search_extraction  blind_sqli_cookie  sqlite_load_extension_oracle  parallel_extraction
$ grep --similar
Similar writeups
- [web][Pro] Dosie X (Dossier X) — hackerlab
- [web][Pro] Bug Bounty-code — hackerlab
- [web][Pro] Печеньки с молочком (Cookies with Milk) — duckerz
- [web][Pro] Art is an explosion (Искусство — это взрыв) — duckerz
- [web][Pro] board_of_secrets — miptctf