🔎 The code checks whether the input starts with { and ends with }, and if so parses it as JSON. There is no whitelist or blacklist of allowed characters, so we can abuse that.
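
The check described above next to a hardened form, as an added example that is not the challenge's own code. The function names, the email/password field names, the MongoDB-style convention that operator keys begin with "$", and the sample inputs are all assumptions.

```javascript
// Added example: constructed names and inputs, not the challenge's source.

// The check as described: a string that starts with "{" and ends with "}"
// is parsed as JSON; anything else is passed through unchanged.
function parseAsDescribed(value) {
  if (typeof value === "string" && value.startsWith("{") && value.endsWith("}")) {
    try {
      return JSON.parse(value); // the field silently changes type here
    } catch {
      return value; // not valid JSON, keep the raw string
    }
  }
  return value;
}

// Hardened form: a credential field must be a plain string and is never parsed.
function requireString(value, maxLength = 256) {
  if (typeof value !== "string" || value.length === 0 || value.length > maxLength) {
    throw new TypeError("field must be a non-empty string");
  }
  return value;
}

// Defence in depth for bodies that legitimately carry JSON: reject any key
// that starts with "$" or contains ".", at any nesting depth.
function hasOperatorKey(node) {
  if (Array.isArray(node)) return node.some(hasOperatorKey);
  if (node !== null && typeof node === "object") {
    return Object.entries(node).some(
      ([key, child]) => key.startsWith("$") || key.includes(".") || hasOperatorKey(child)
    );
  }
  return false;
}

// Query filter built only from validated strings (field names are assumptions).
function buildFilter(email, password) {
  return { email: requireString(email), password: requireString(password) };
}

// Constructed sample input for demonstration.
const sample = '{"$ne": null}';
console.log(typeof parseAsDescribed(sample));           // type after the described check
console.log(hasOperatorKey(parseAsDescribed(sample)));  // operator key detected
console.log(typeof buildFilter("user@example.test", sample).password);
```

With the hardened path the brace-wrapped value stays a literal string to compare against, so it can only match a stored value that is exactly that text.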