Hello guys, I am Adithya M S, a guy passionate about exploring hidden endpoints in web services and trying to dig deep into them. This is another article in my series of writeups based on Capture the…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A detailed walkthrough of solving a Capture The Flag challenge involving blind SQL injection on an API endpoint. The challenge requires extracting a 32-character hexadecimal admin password using boolean-based SQL injection techniques within 128 login attempts. The solution demonstrates how to exploit vulnerable API endpoints that directly incorporate user input into SQL queries, using binary search methodology to efficiently extract password characters bit by bit through differential response analysis.

The Flag API Key — 247CTF solution writeup