Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017

2017-06-30

[public] 66.8K views, 2.04K likes, 10.0 dislikes audio only

This was considered a hard challenge. After finding and analysing the source code we found a GQL injection. Unfortuantely there is a system in place that will ban you for too many requests. So we use a modified binary search algorithm to finish in time.

gql.py: https://gist.github.com/LiveOverflow/16f0e4ff0ca9b0b993c25e14759de731

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

#WebSecurity #CTF

Yama File
/youtube/video/za_9hrq-ZuA?t=186.25999

Query Language Injection
/youtube/video/za_9hrq-ZuA?t=241.459

Blind Injection
/youtube/video/za_9hrq-ZuA?t=311.539

LiveOverflow just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions. -=[ ❤️ Support me ]=- Patreon per Video: https://www.patreon.com/join/liveoverflow YouTube Membership per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 📄 Imprint ]=- Security Flag GmbH Celsiusstr. 72 12207 Berlin Germany
/youtube/channel/UClcE-kVhqyiHCcjYwcpfj9w

I’m moving, no videos sorry 17,544 views
/youtube/video/9CS3q0uG1LI

Patreon patreon.com
https://www.patreon.com/join/liveoverflow

CTF video write-ups by LiveOverflow
/youtube/video/MpeaSNERwQA