As I mentioned in the Launch Date challenge, I found an injection point where an attacker uses a malicious SQL query in the sender param, which revealed all the chats, including the launch date.

So the endpoint was process_getChat.php.