Python3

WAF Bypass - Exclude spaces

by Brumens
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

WAF Bypass - Exclude spaces

Description

The WAF will block any request that contains a space, tab or newline

Goal

Bypass the firewall by exploiting the SQL injection in the vulnerable application without using any spaces and extract the flag that is set as the admin's note.

Note : The FLAG is in the form of : FLAG{<four_digits>}

Hints

Hint #1
expand_more

Use characters and features within SQL (SQLite3) that can be used instead of spaces

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result