Bytemancy 0 — picoCTF Writeup
This article describes an SQL Injection vulnerability discovered during a CTF (Capture The Flag) event. The application accepted user input from a search bar without proper validation, allowing the injection of SQL commands via single quotes and a UNION query. The researcher exploited this flaw by combining multiple SQL statements to extract usernames and hashed passwords from the database and base64-encoding them for further manipulation. The resulting payload was a JavaScript snippet that decoded the extracted data and displayed it in an alert box on the page. This vulnerability highlights the importance of input validation and proper handling of user-supplied data in security contexts. Remediation would involve implementing strong input sanitization, parameterized queries, or stored procedures to prevent SQL injection attacks. Key lesson: Always validate inputs and use secure coding practices to protect against SQL injection. #BugBounty #SQLInjection #CTF #WebSecurity #Infosec

https://medium.com/@may.hack/bytemancy-0-picoctf-writeup-7cee4cb45102?source=rss------bug_bounty-5