Nov 26, 2012
Continuing from the last post, we are now logged in as a user. The next step on the PDF from the agent, that we can access, is the Notes Service. I started analyzing the source code, and noticed that the text that says “yes” or “no” in the table is actually an image being rendered from the hasnotes.php file. I started tinkering with that file, and found that it was vulnerable to SQL injection.