technique://SQL Injection
- SequelLinux Tier 1 Apr 28, 2026
MariaDB root with no password on port 3306 — from initial banner grab to database enumeration to flag extraction, no exploit required.
- AppointmentLinux Tier 1 Apr 28, 2026
SQL injection in a login form — `' OR '1'='1` as username turns authentication into a formality and exposes the flag in one request.
also uses: Directory Busting