Possibly Related Threads…

unrecognized · Apr 06, 2025, 06:02 AM

sql injection in n8n endpoint.

zippo99 · Apr 06, 2025, 06:06 AM

im bob but where's the flag... ),:

AncientNull · Apr 06, 2025, 06:40 AM

(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

Are you talking about the auth endpoint, or the webhook in the wiki?

samuelballsiu1 · Apr 06, 2025, 07:44 AM

(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

I can't find the n8n endpoint, which you mentioned. Can you please be more clear?

date202511 · Apr 06, 2025, 07:47 AM

Did I miss something important?

jsvensson · Apr 06, 2025, 07:54 AM

(Apr 06, 2025, 07:44 AM)samuelballsiu1 Wrote:
(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

I can't find the n8n endpoint, which you mentioned. Can you please be more clear?

http://a668910b5514e.whiterabbit.htb/en/...h_webhooks

POST /webhook/d96af3a4-21bd-4bcb-bd34-37bfc67dfd1d HTTP/1.1
Host: 28efa8f7df.whiterabbit.htb -- this is n8n
x-gophish-signature: sha256=cf4651463d8bc629b9b411c58480af5a9968ba05fca83efa03a21b2cecd1c2dd
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 81

{
"campaign_id": 1,
"email": "test@ex.com",
"message": "Clicked Link"
}

i think in this POST is sqli but can't get it work - maybe somebody explain how to do it

AncientNull · Apr 06, 2025, 07:58 AM

(Apr 06, 2025, 07:54 AM)jsvensson Wrote:
(Apr 06, 2025, 07:44 AM)samuelballsiu1 Wrote:
(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

I can't find the n8n endpoint, which you mentioned. Can you please be more clear?
http://a668910b5514e.whiterabbit.htb/en/...h_webhooks

POST /webhook/d96af3a4-21bd-4bcb-bd34-37bfc67dfd1d HTTP/1.1
Host: 28efa8f7df.whiterabbit.htb -- this is n8n
x-gophish-signature: sha256=cf4651463d8bc629b9b411c58480af5a9968ba05fca83efa03a21b2cecd1c2dd
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 81

{
"campaign_id": 1,
"email": "test@ex.com",
"message": "Clicked Link"
}

i think in this POST is sqli but can't get it work - maybe somebody explain how to do it

The email field is injectable, I was able to drop a table, just not able to get output. You need to set the gophish signature with the secret in the json. Anyone have a known valid email for the box?

jsvensson · Apr 06, 2025, 08:02 AM

(Apr 06, 2025, 07:58 AM)AncientNull Wrote:
(Apr 06, 2025, 07:54 AM)jsvensson Wrote:
(Apr 06, 2025, 07:44 AM)samuelballsiu1 Wrote:
(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

I can't find the n8n endpoint, which you mentioned. Can you please be more clear?
http://a668910b5514e.whiterabbit.htb/en/...h_webhooks

POST /webhook/d96af3a4-21bd-4bcb-bd34-37bfc67dfd1d HTTP/1.1
Host: 28efa8f7df.whiterabbit.htb -- this is n8n
x-gophish-signature: sha256=cf4651463d8bc629b9b411c58480af5a9968ba05fca83efa03a21b2cecd1c2dd
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 81

{
"campaign_id": 1,
"email": "test@ex.com",
"message": "Clicked Link"
}

i think in this POST is sqli but can't get it work - maybe somebody explain how to do it

The email field is injectable, I was able to drop a table, just not able to get output. You need to set the gophish signature with the secret in the json. Anyone have a known valid email for the box?

I knew about signature, what is your payload to drop table?

AncientNull · Apr 06, 2025, 08:06 AM

(Apr 06, 2025, 08:02 AM)jsvensson Wrote:
(Apr 06, 2025, 07:58 AM)AncientNull Wrote:
(Apr 06, 2025, 07:54 AM)jsvensson Wrote:
(Apr 06, 2025, 07:44 AM)samuelballsiu1 Wrote:
(Apr 06, 2025, 06:02 AM)unrecognized Wrote: sql injection in n8n endpoint.

I can't find the n8n endpoint, which you mentioned. Can you please be more clear?
http://a668910b5514e.whiterabbit.htb/en/...h_webhooks

POST /webhook/d96af3a4-21bd-4bcb-bd34-37bfc67dfd1d HTTP/1.1
Host: 28efa8f7df.whiterabbit.htb -- this is n8n
x-gophish-signature: sha256=cf4651463d8bc629b9b411c58480af5a9968ba05fca83efa03a21b2cecd1c2dd
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 81

{
"campaign_id": 1,
"email": "test@ex.com",
"message": "Clicked Link"
}

i think in this POST is sqli but can't get it work - maybe somebody explain how to do it

The email field is injectable, I was able to drop a table, just not able to get output. You need to set the gophish signature with the secret in the json. Anyone have a known valid email for the box?

I knew about signature, what is your payload to drop table?

I was able to drop the victims table with "test@ex.com"; DROP TABLE victims;--"
DON'T do that unless you want to restart the box. I think without a valid email we will always get "Info: User is not in database" back.

aryphowake · Apr 06, 2025, 08:08 AM

With SQLi you can extract juicy data. The signature can be calculated using sqlmap and the eval param

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	SVCHOST Injector 2026	opsecmaster67	0	31	2 hours ago Last Post: opsecmaster67
	Cold Seal 5.6 cracked Sensitive information can be exposed or stolen	opsecmaster67	0	36	2 hours ago Last Post: opsecmaster67
	EagleRAT v2.5 Create backdoor access points	opsecmaster67	0	35	2 hours ago Last Post: opsecmaster67
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	43	3,455	3 hours ago Last Post: qwertyuiop0987654321
	CBBH Write Ups	hiddenhacker	27	6,728	3 hours ago Last Post: qwertyuiop0987654321