This write-up explains how I solved the "Encrypted Database" Web Security (Easy) challenge on the CyberTalents platform.

At first glance, the application appears to be a normal web page with no obvious unusual behavior.

Next, I inspected the page source to look for any suspicious content.

While reviewing the source code, I noticed the admin/assets/app.js path, which indicates the existence of an admin page, so I tried accessing it through the /admin path.

When I first accessed the /admin path, the server returned a 403 Forbidden error.

However, when I added a trailing slash (/admin/), the admin login page appeared.

After reaching the login page, I suspected a possible SQL Injection vulnerability and tested common payloads such as ' OR 1=1 --, but the application did not return any errors or abnormal responses.

After checking the source code again, I noticed another interesting path, secret-database/db.json.

After accessing this path, we found the flag:

{"flag":"ab003765f3424bf8e2c8d1d69762d72c"}
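
A pre-deployment check for the exposure described above, as an added example that is not part of the original write-up: it scans the client-readable files of a static web root for quoted path references and reports any that resolve to a data file deployed under that same root. The `WEB_ROOT` contents, the extension lists and the `audit` function are constructed for illustration.

```python
import posixpath
import re

# Constructed sample of a static web root (path -> content); not the challenge's real files.
WEB_ROOT = {
    "index.html": '<script src="admin/assets/app.js"></script>',
    "admin/assets/app.js": 'fetch("../../secret-database/db.json").then(r => r.json());',
    "admin/index.html": '<form action="login.php" method="post"></form>',
    "secret-database/db.json": '{"flag": "PLACEHOLDER"}',
    "assets/site.css": "body { margin: 0 }",
}

CLIENT_EXTS = {".html", ".htm", ".js"}  # files any visitor can read
DATA_EXTS = {".json", ".sql", ".db", ".sqlite", ".bak", ".env", ".csv"}  # assumed list
REF = re.compile(r"""["']([^"'\s<>]+\.[A-Za-z0-9]{1,6})["']""")  # quoted path with an extension


def audit(web_root):
    """Return (source_file, reference, resolved_path) for every data file that is
    both deployed under the web root and referenced from client-side source."""
    findings = []
    for path, content in sorted(web_root.items()):
        if posixpath.splitext(path)[1].lower() not in CLIENT_EXTS:
            continue
        for ref in REF.findall(content):
            if "://" in ref or ref.startswith("//"):
                continue  # external URL, outside this web root
            # Root-relative references resolve from the root, others from the file's directory.
            base = "" if ref.startswith("/") else posixpath.dirname(path)
            resolved = posixpath.normpath(posixpath.join(base, ref.lstrip("/")))
            if resolved.startswith(".."):
                continue  # points above the web root
            ext = posixpath.splitext(resolved)[1].lower()
            if resolved in web_root and ext in DATA_EXTS:
                findings.append((path, ref, resolved))
    return findings


if __name__ == "__main__":
    for source, ref, resolved in audit(WEB_ROOT):
        print(f"{source}: reference {ref!r} exposes data file {resolved}")
```

A finding means the data file should be moved outside the web root or placed behind server-side access control; removing the reference alone leaves the file reachable.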

See you soon! 👋😄