webPromedium
Lab 82 — PixelVault — SQL Injection via User-Agent in Activity Logging
hackadvisor
Task: Photo management platform with activity logging that stores User-Agent header directly in MariaDB via non-parameterized INSERT. Decoy flags in HTML comments mislead scanners. Solution: Time-based blind SQL injection via User-Agent header during login, using IF(condition, SLEEP(), NULL) in the datetime column of the INSERT statement, binary search extraction of flag from app_secrets table.
$ ls tags/ techniques/
sqlimysqlphpheader_injectionnginxuser_agentblind_sqliinsert_injectiondecoy_flagmariadbtime_based_blindactivity_logging
binary_search_extractiontime_based_blind_sqlisqli_via_user_agent_headerdecoy_flag_avoidanceinsert_statement_injection
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [web][Pro]Lab 49 — PixelVault — Stored XSS via Malicious SVG Upload— hackadvisor
- [web][Pro]Lab 314 — PixVault — ExifTool DjVu RCE via Image Upload— hackadvisor
- [web][Pro]Lab 202 — WikiVault — AngularJS Client-Side Template Injection (XSS)— hackadvisor
- [web][Pro]Lab 330 — AuthVault — Blind LDAP Injection in Directory Lookup— hackadvisor
- [web][Pro]Lab 307 — CrewHub — File Upload RCE via Polyglot JPG/PHP— hackadvisor