1 supporter
Exploit Blind SQL Injection to deseriali ...

Exploit Blind SQL Injection to deserialize objects and execute code

Dec 27, 2022

Elf Resources is an easy-to-medium web challenge from the X-MAS CTF 2022, involving the exploitation of a blind SQL Injection in order to retrieve some python objects and then exploit an arbitrary deserialization vulnerability to exfiltrate the flag.

You can find my notes here!


Enjoy this post?

Buy 0xbro a coffee

More from 0xbro