This is a challenge for the Hackvent 2022.
Santa brings you another free gift!
We are happy to announce a free note taking webapp for everybody. No accout name restriction, no filtering, no restrictions and best no bugs!
Because it cannot be hacked Santa decided to name it Notme = Not me you can hack!
Or can you?
The application is vulnerable to blind SQLI on the note update endpoint /api/note/update. To make it a little harder:
- sqlmap user-agent isn't allowed
- default sqlmap exploit will override the flag
Install the dependencies in the root and frontend folder with yarn.
After that build the frontend with yarn run build. Then build the backend with yarn run build.
Configure the DB connection and the flag within the .env file.
Start the whole thing with yarn run start.
HV22{Sql1_is_An_0Ld_Cr4Ft}
Abuse the SQLI with a custom script.
A solution script is solution.py. Not the fastest nor best script but hey it works