2024-11-18
Appointment - Authentication Bypass via SQL Injection (SQLi)
Technical writeup detailing the compromise of the Appointment machine. The primary vulnerability is an Authentication Bypass via SQL Injection (SQLi) affecting the web application's login form. By injecting the payload 'admin'#' into the username field, the SQL query is manipulated to bypass the password check, allowing unauthenticated access as the admin user to retrieve the flag.