vulnerability – M. Ștefan Cristian Infosec engineer navigating the digital & analog realms Tue, 10 May 2022 16:08:12 +0000 en-GB hourly 1 https://wordpress.org/?v=6.6.2 /wp-content/uploads/2021/10/icon.png vulnerability – M. Ștefan Cristian 32 32 UNbreakable CTF 2022 (individual) Writeups /2022/05/08/unbreakable-ctf-2022-individual-writeups/ Sun, 08 May 2022 22:52:45 +0000 /?p=609 Continue readingUNbreakable CTF 2022 (individual) Writeups

]]>

UNR 22

This contest phase took place between 6th – 8th of May 2022 and had 165 active participants (from both Romania and Republica Moldova).

I managed to get the 14th place, or 10th place for my category (university). All the official ranks can be found here: https://unbreakable.ro/clasament.
Even though this was the individual phase, I have to congratulate my two teammates (and faculty colleagues), Noria and Toma, who managed to get the 1st and 2nd place respectively. GG.

However, even though I had a busy weekend, I still solved 80% of the given challenges. The writeups can be found below.

]]> SQL Injections showcase /2021/10/06/sql-injections-showcase/ Wed, 06 Oct 2021 20:43:49 +0000 /?p=137 Continue readingSQL Injections showcase

]]> This is my winning solution for a faculty SQL Injection contest I participated in 2021.

The main challenge was to find inventive and playful ways to exploit database connected applications that are vulnerable to this kind of attack.

Therefore, I used two applications: one that was entirely coded by me, and the other being a vulnerable webservice hosted on a Linux server. It was fun ( ͡° ͜ʖ ͡°) .

Below is the complete description of the exploitation process / write-up.

DB schema

The Github repo for this solution can be found here.

The above PDF and video demo can be found here.

]]>