This CTF story is based on the Resident Evil Movie.
There is a devil company name "Umbrella" which involves illegal activities a lot. So the player needs to find the evidence that the "Umbrella" is doing some illegal stuff.
Here, The user know only there is website for the "Umbrella" company. There is no details were exposed.
Sql Injection
Directory Traversal
Sensitive Data Exposure
Stored XSS
File Upload
Remote Code Execution
Privelege Escalation
' OR '1'='1' -- -
' OR id=(SELECT id FROM (SELECT id FROM user_details ORDER BY id LIMIT 1 OFFSET 1) AS t) -- -
( i really planned a different thing , i planned to use the stored xss and create a admin login simulation for being victimized in the XSS attack. But due to some docker network issue , i changed the plan)
Thanks for the oppurtunity after a long time i worked this much Due to my end sem examination, I can't do as i planned but i nearly completed what i thought I'm to work as a team and correct my self