Content Deep Dive
CTF secrets revealed: TopLang challenge from SnykCon 2021 explained
Blog post from Snyk
Post Details
Company
Date Published
Author: Michael Aquilina
Word Count: 2,987
Language: English
Summary
The challenge, "Fetch the Flag" from SnykCon 2021, was a web-based challenge solved with an oracle attack built on blind SQL injection. The team began by investigating the available pages and identifying potential attack vectors. They then tested the order query string and determined that it was susceptible to blind SQL injection. Using an oracle attack, they extracted the login information from the database, including table names, column names, and data. The team then used this information to manipulate the admin panel's cookies and gain access to the admin page, ultimately retrieving the Snyk CTF flag.