Tags: sqlinjection 


This was a SQL injection web vulnerability. Could be easily confirmed by using a always true condition chained in the input.
Next we need to find the database which was SQLLite.
Followed by the table name as "taxi".

Once these are done, we can easily add a union query to get the required details to form the flag. Read the writeup for detailed information.

Original writeup (https://c12yptonic.github.io/ctf-writeups/ctfs/deconstructf21#taxi-union-problems-).