Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=za_9hrq-ZuA


Duration: 14:25
75,359 views
2,034

This was considered a hard challenge. After finding and analysing the source code we found a GQL injection. Unfortuantely there is a system in place that will ban you for too many requests. So we use a modified binary search algorithm to finish in time.

gql.py: https://gist.github.com/LiveOverflow/16f0e4ff0ca9b0b993c25e14759de731

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

#WebSecurity #CTF



Other Videos By LiveOverflow


2017-08-29RHme3 qualification ended but you could still get a board!
2017-08-25Don't trust time
2017-08-20Reminder: sign up for RHme3 hardware CTF - loopback 0x04
2017-08-18Making-of LiveOverflow Videos 2017
2017-08-11Reverse Engineering PopUnder Trick for Chrome
2017-08-04Reverse Engineering Obfuscated JavaScript
2017-07-28Injection Vulnerabilities - or: How I got a free Burger
2017-07-21Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23
2017-07-14Identifying another exploit mitigation and find bypass. stack0: part 2 - bin 0x22
2017-07-07Buffer overflow on a modern system impossible? stack0: part 1 - bin 0x21
2017-06-30Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017
2017-06-23Failing easy local file inclusion challenge - mindreader (misc) Google CTF 2017
2017-06-16Hardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)
2017-06-09Defeat 2FA token because of bad randomness - rhme2 Twistword (Misc 400)
2017-06-06[Podcast] Fuzzing FFmpeg - Paul Cher
2017-06-02Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
2017-05-26RSA Power Analysis Side-Channel Attack - rhme2
2017-05-19Breaking ECDSA (Elliptic Curve Cryptography) - rhme2 Secure Filesystem v1.92r1 (crypto 150)
2017-05-12Reversing an unkown digital protocol with an Arduino - rhme2 Whac the mole (misc 200)
2017-05-05Blind Buffer Overflow exploitation to leak secret data - rhme2 Animals (pwn 200)
2017-05-02How (not) to ask a technical question


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
gql
google query language
gql injection
binary search
binary search algorithm
blind gql
blind sql
sql injection
google graph language
google ctf
googlectf
gee clue elle
a7
OWASP A7
owasp
a7 controversy