Schema recovery
by YesWeHack
drag_indicator
drag_indicator
drag_indicator
select * from information_schema.xml
Can you exfiltrate the full XML structure with only a blind Xpath injection ?
Goal: find the hidden node starting with FLAG-
The format is FLAG-\d+
Hints
Solution
drag_indicator
INPUT
OUTPUT
drag_indicator
drag_indicator