webPromedium

Lab 87 — GridWatch — SQL Injection in Agent Heartbeat API

hackadvisor

Task: Infrastructure monitoring platform with agent heartbeat API that takes Bearer token in Authorization header, SQLite backend. Solution: UNION-based SQL injection in Bearer token with /**/ comment space bypass to enumerate tables and extract flag from system_secrets.

$ ls tags/ techniques/

sqlite sql_injection union_based_sqli api sql_comments decoy_flag space_bypass authorization_header bearer_token heartbeat agent_api monitoring_platform

sqlite_schema_enumerationdecoy_flag_identificationunion_based_sql_injectionsql_comment_space_bypassauthorization_header_injection

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 238 — PulseWatch — SQL Injection in Collector Configuration— hackadvisor
[web][Pro]Lab 172 — PulseGuard — Insecure Deserialization via JSON.NET TypeNameHandling— hackadvisor
[web][Pro]Lab 51 — InsightGrid — SQL Injection via Django JSONField Key Paths— hackadvisor
[web][Pro]Lab 127 — PulseMetric — Insecure Deserialization via Pickle in Agent Report API— hackadvisor
[web][Pro]Lab 170 — PulseGuard — SnakeYAML Deserialization to H2 JDBC OOB Exfiltration— hackadvisor