// CTF CHALLENGE 22
WAF Bypass & Data Exfiltration
π‘οΈ Alert: Cloudflare Active
You tried to inject the vulnerable parameter but the firewall (WAF) kicks you out upon detecting spaces (%20) in SQL statements.
Write the sqlmap command that loads your local capture request.txt, points to the corp_db database, and extracts (dumps) the content of the admin_creds table. To fool the WAF, you must use the tamper script modifier named space2comment.