Javad Hamidi

#Web

Magic Beans - DuckCTF 2023

We’re presented with a largely static, single-page site - save for one input field that doesn’t seem to be processed on the client side. The challenge description also draws special attention to ‘columns’ and ‘tables’. Given that there aren’t any HTML tables in the source, instinct says this might involve a database. If we try a classic single-quote injection (') we see the quote suspiciously disappear. Adding on both a semi-colon to terminate the SQL statement and a comment afterwards ('; -- ) we see that vanish as well!...


NeverLAN CTF 2020 Write-up

Browser Bias: This challenge gives us very little information, just a URL to a site that tells us ‘Sorry, this site is only optimized for browsers that run on commodo 64.’ However, this also narrows our focus down to a singular goal - trying to convince the website that we are accessing it from whatever a ‘commodo 64’ is. The first thing we need to know is how the browser can determine what type of client is making a request to it....
