CyberTalents — CatchMomen (Web Security) Writeup
When you open the web page you will see a normal company website, but let’s try to log in.
Go to http://3.126.138.80/catch/login.php

Looking at the source code, I found a credential that might allow me to log in, but it does not work.
It gives the error message ‘User not found’.

So maybe it is SQL injection. Let’s try it: open Burp Suite and brute force this login page. You can use this payload list:
https://github.com/payloadbox/sql-injection-payload-list

As we can see, there’s a WAF blocking some payloads.
WAF Bypass
Let’s enter a normal SQL injection payload like this:
uname=GG_Homie!&pass=GG_Homie!'+OR+1=1+#
It is blocked. Let’s try something different, starting with this:
uname=GG_Homie!&pass=GG_Homie!'+
The WAF accepts the payload. Let’s continue and add OR to it:

OR is blocked, but we know that OR = ||, so we can now use || instead of OR.

And that bypasses the WAF.
Let’s continue our payload and add 1=1 to be able to log in.

But it is also blocked.
I tried 4!=2, which should be treated as true, and I was able to get the flag.
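
The bypass above works because the WAF matches spellings while the login query still parses user input as SQL. The following is an added example, not code from the challenge: it models a keyword blocklist (the two rules are assumed from what the writeup saw rejected) next to a parameterized login lookup, using a constructed SQLite table and account.

```python
import re
import sqlite3

# Assumed blocklist: only the two patterns the writeup saw rejected.
BLOCKLIST = [re.compile(r"\bOR\b", re.I), re.compile(r"1\s*=\s*1")]


def waf_blocks(value: str) -> bool:
    """Return True if the hypothetical keyword WAF would reject the value."""
    return any(p.search(value) for p in BLOCKLIST)


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uname TEXT PRIMARY KEY, pass TEXT)")
    # Constructed account; plaintext password only to keep the demo short.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct horse"))
    return db


def login(db: sqlite3.Connection, uname: str, password: str) -> bool:
    """Parameterized lookup: input is bound as data, never parsed as SQL."""
    row = db.execute(
        "SELECT 1 FROM users WHERE uname = ? AND pass = ?", (uname, password)
    ).fetchone()
    return row is not None


# Inputs assembled from the fragments tried in the writeup.
FIRST_TRY = "GG_Homie!' OR 1=1 #"
REWRITTEN = "GG_Homie!' || 4!=2 #"

if __name__ == "__main__":
    db = make_db()
    for value in (FIRST_TRY, REWRITTEN):
        print(f"{value!r}: waf_blocks={waf_blocks(value)}, "
              f"login={login(db, 'GG_Homie!', value)}")
    print("valid login:", login(db, "alice", "correct horse"))
```

The rewritten input passes the blocklist, yet the bound query rejects both inputs, which is why the fix belongs in the query rather than in more filter rules.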
