- Published on
Exploiting a GraphQL vulnerability through SQL injection to bypass authentication and gain unauthorized access. By manipulating the JWT token, we set flagOwner to true and retrieve the flag.
Sql-injection
All Posts
- web (5)
- exploitation (4)
- whack-a-scratch (2)
- ctf (2)
- writeup (2)
sql-injection (2)
- path-traversal (2)
- ssti (2)
- rce (2)
- hatagawa (1)
- hatagawa-ii (1)
- cryptography (1)
- crypto (1)
- blackhat (1)
- blackhat-2025 (1)
- blackhat2025 (1)
- ctf-writeup (1)
- flagyard (1)
- codecon (1)
- ejs (1)
- ejs-exploit (1)
- blind-sql (1)
- file-upload-vulnerbility (1)
- extract-vulnerbility (1)
- jwt (1)
- graphql (1)
- lfi (1)
- Published on
Retrieving data from SQLite3 database by exploiting Blind SQl injection in Web Application