SQL Injection on Base64 Encoded String Parameters

This article is a guide to performing SQL injection on Base64-encoded URL parameters. These parameters are encoded so as to make the site injection-proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here, “VkRGRk9WQlJQVDA9”, is nothing but a 4 times encoded base64 string,


SkyTower CTF Walkthrough

The following article is a walkthrough for the SkyTower vulnerable machine. This machine is a web application capture-the-flag machine. This machine is filtered and an appropriate methodology is required here.

Objectives: Obtain the flag.txt file from /root/

So let’s dive in.

Tools: Virtual Machine or VMware, Kali OS

I located the SkyTower VulnHub’s IP address
