[web][Pro][medium]
Lab 84 — PulseView
hackadvisor
Task: Flask analytics platform with Event Explorer search vulnerable to SQL injection behind a WAF that blocks common keywords and operators.
Solution: Bypass WAF using OR followed by json_extract() tautology to reveal a hidden 93rd event containing the flag in its JSON properties.
$ ls tags/ techniques/
tags/:
sqlite  waf_bypass  sql_injection  flask  decoy_flag  honeypot_flag  analytics_platform  json_extract  boolean_blind

techniques/:
decoy_flag_detection  sql_injection_via_search_parameter  waf_bypass_or_followed_by_letter  json_extract_tautology  boolean_blind_sqli_with_iif  json_extract_equality_without_equals  sqlite_string_truthiness
$ grep --similar
Similar writeups
- [web][Pro] Lab 233 — PulseAPI — Regex Auth Bypass via Query String Injection — hackadvisor
- [web][Pro] Lab 138 — PulseGuard — SpEL Injection via Whitelabel Error Page — hackadvisor
- [web][Pro] Lab 81 — InsightPulse — SQL Injection in Analytics Tracking — hackadvisor
- [web][Pro] Lab 145 — RankPulse — XXE via Sitemap XML Parsing — hackadvisor
- [web][Pro] Lab 238 — PulseWatch — SQL Injection in Collector Configuration — hackadvisor