Bypassing SQL Filters Using Command Substitution | OverTheWire Natas Level 16

We covered OverTheWire Natas Level 16 CTF where we went over a blind SQL injection scenario that uses command substitution to bypass character filters. The character filters used preg_match function in PHP to create a blacklist of characters commonly used in SQL Injection. This was part of OverTheWire War Games Natas Level 16

Get OSCP Certificate Notes

Natas Level 16 Password:

TRD7iZrd5gATjj9OkPEuaOlfEjHqj32V

Video Walkthrough

CTF Writeups, OverTheWire CTF, OverTheWire Natas Level 16, OWASP, sql inection

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Bypassing SQL Filters Using Command Substitution | OverTheWire Natas Level 16

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

CVE-2023-4911 Looney Tunables | Linux Local Privilege Escalation

PASTA Framework Explained | Threat Modeling | TryHackMe

Press ESC to close

Bypassing SQL Filters Using Command Substitution | OverTheWire Natas Level 16

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

CVE-2023-4911 Looney Tunables | Linux Local Privilege Escalation

PASTA Framework Explained | Threat Modeling | TryHackMe