web medium
LuckySensors
volgactf
Task: Sensor monitoring dashboard (FastAPI/ClickHouse) with ORDER BY SQL injection in the sortField parameter and random HTTP 500 errors (~50-90%).
Solution: Blind boolean-based SQLi via a CASE WHEN oracle in the ORDER BY clause, retry-based noise filtering, ClickHouse system.tables enumeration to find the hidden secret table, binary search character extraction of the flag.
$ ls tags/ techniques/
tags/:
sqli fastapi blind_sqli boolean_based clickhouse order_by_injection binary_search_extraction random_errors system_tables uvicorn
techniques/:
order_by_blind_boolean_injection case_when_boolean_oracle binary_search_character_extraction clickhouse_system_tables_enumeration retry_based_noise_filtering probabilistic_oracle