SQLi Cards — Union Injection into SQLite
Union-based SQL injection in a card lookup form to enumerate tables via sqlite_master and extract the flag.
Sqli
Segnalazione Cinghiali — Union-Based SQLi in Node/Express
Union-based SQL injection in the report ID parameter of a Node.js/TypeScript Express app to leak the flag from a hidden table.
Blind SQLi Login — Boolean-Based Character Extraction
Boolean blind SQL injection on a login form to extract a password character by character using HEX comparison.
Basic SQLi — Classic OR 1=1 Login Bypass
Inject ’ OR ‘1’=‘1 into both username and password fields to make the SQL query always true and grab the flag from the response.
No Time — UNION SQL Injection with Keyword Filter Bypass via OFFSET Injection
A WAF strips forbidden SQL keywords. Inject OFFSET inside reserved words (SELECT → SELOFFSETECT) so after the WAF removes OFFSET the original keyword is reconstructed, landing a UNION SELECT to dump the flag.
Sn4ck Sh3nan1gans — UNION SQL Injection via Base64 JSON Cookie
The server reads a base64-encoded JSON cookie containing an ID field and passes it unsanitised into a SQL query. Inject a UNION SELECT payload inside the JSON, re-encode as base64, and set the forged cookie to extract the flag in three phases.