L4nzN0t•12mo ago

SQLi without spaces - CTF

Hi guys!! How are you? I’m struggling with a CTF challenge from a event in my town, and I’m stuck in a SQLi vulnerability. Until now, I figured out there is a SQLi, but I can’t understand how can I exploit it. May the experts can help me 😂😅

1 Reply

_null•12mo ago

You want to lookup how to make a post request. It can be done within burp or you could use other tools such as curl.

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"key1": "value1", "key2": "value2"}' \
  https://example.com/api/endpoint

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"key1": "value1", "key2": "value2"}' \
  https://example.com/api/endpoint

in this particular case you would have submitted your sqli in the employee_id field