Event: Cyber Santa is Coming to Town – 2021 HackTheBox
The evil elves have changed the admin access to Santa’s Toy Management Portal. Can you get the access back and save the Christmas?
Opening the webpage, we’re immediately presented with this access form:
A quick analysis of the source code helps us solve this challenge quite easily.
In the database.js file, which contains the code that checks our credentials, we can see how the query is structured and that the input is not sanitized:
This quickly translates into an SQL injection vulnerability. In fact, if we try the most classic username with a default SQL comment character, such as:
we can log in as the admin user and get our flag.
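The root cause and its fix, shown side by side as an added example (not the challenge's database.js, which is Node.js; Python's built-in sqlite3 stands in for it here). The table layout, function names, credentials and the crafted username are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    # Hypothetical schema; the challenge's real table is not reproduced here.
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text itself."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """Hardened pattern: the SQL text is fixed and input is bound as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Constructed input: a quote closes the string literal, and the comment
# marker makes the database ignore the password condition that follows.
CRAFTED_USERNAME = "admin' -- "

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterized", login_parameterized)):
        result = fn(db, CRAFTED_USERNAME, "wrong-password")
        print(f"{name:>13}: logged in as {result!r}")
```

With bound parameters the quote and comment marker are compared as literal characters of the username, so no row matches and the login fails.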