Skip to main content

giant

1

We are provided with the SQL query:

SELECT 1234 FROM{$_GET[shit]}prob_giant WHERE 1

Filter

The code filters out the following characters:

  • Space
  • New line
  • Carriage return
  • Tab

In order to solve the challenge, we have to separate the FROMprob_giant. Since Tabs are filtered out, we have to use the Vertical tab (%0B) character.

If we provide the following URI parameter:

?shit=%0B

SQL parsers typically treat vertical tabs as whitespace. Therefore, injecting a vertical tab (%0B) should be parsed as a space by the SQL engine.

The resultant query becomes:

SELECT 1234 FROM prob_giant WHERE 1

2