Tags: sql web node.js 

Rating: 4.0

Gist: Exploiting { extended: true } in body-parser. Parameters in the request body are not sanitized.

Original writeup (https://github.com/csivitu/CTF-Write-ups/tree/master/Google%20CTF/Web/Log-Me-In).