web

We’re presented with a largely static, single-page site - save for one input field that doesn’t seem to be processed on the client side. The challenge description also draws special attention to ‘columns’ and ’tables’. Given that there aren’t any HTML tables in the source, instinct says this might involve a database. If we try a classic single-quote injection (') we see the quote suspiciously disappear. Adding on both a semi-colon to terminate the SQL statement and a comment afterwards ('; -- ) we see that vanish as well!...