Injection - SMP CTF 2024 - Selection Round

Posted on January 1, 2025 by rahisec

As i mentioned in launch Date challenge i found an injection point. where attacker use a malicious sql query in sender param which reveled all the chats including the launch date.

So the endpoint was process_getChat.php