logo

DOJO CHALLENGE #19 Winners!

ID: d67f5377-88ff-58de-bb1b-064a57fa36cb

STIX ID: report--d67f5377-88ff-58de-bb1b-064a57fa36cb

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
60/100

Date Published: 2022-02-12

Date Updated: 2026-07-04

...
...

This report is a detailed write-up of a blind/limited SQL injection challenge: it explains how to bypass input filters using comment separators and allowed characters to close conditions and inject UNION/SELECT payloads that concatenate columns (email||'~'||password) to retrieve admin credentials; it includes final payloads and a disclosed admin email/password (challenge flag), and recommends parameterized queries as mitigation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.