Home Playground OSCP Buy Me a Flag 🚩

Home Playground OSCP Buy Me a Flag 🚩

🚩Zeyu's CTF Writeups
Home
Playground
OSCP
My Challenges
2023
2022
2021

Powered by GitBook

On this page

Problem
Solution
References

Was this helpful?

2021

picoCTF 2021

X marks the spot (250)

Blind XPath injection

PreviousStartup Company (180)NextWeb Gauntlet (170 + 300)

Last updated 2 years ago

Problem

Another login you have to bypass. Maybe you can find an injection that works?

Solution

I've turned this into a Medium article! Read the solution here:

Blind XPath Injections: The Path Less Travelled

References

https://owasp.org/www-community/attacks/XPATH_Injection
https://book.hacktricks.xyz/pentesting-web/xpath-injection

http://mercury.picoctf.net:16521/mercury.picoctf.net