Advent Of Cyber 2023 — Day 10
Dec 10, 2023
Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?
giftsearch.php
Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?
ODBC Driver 17 for SQL Server
Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?
THM{a4ffc901c27fb89efe3c31642ece4447}
What flag is in the note file Gr33dstr left behind on the system?
THM{b06674fedd8dfc28ca75176d3d51409e}
What is the flag you receive on the homepage after restoring the website?
THM{4cbc043631e322450bc55b42c