# 0123: Friends Search Engine

| Name                                                                      | Authors                                                                       | Category    |
| ------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ----------- |
| [Intigriti January Challenge (2023)](https://challenge-0123.intigriti.io) | [samk0o0](https://twitter.com/samk0o0) + [mrkcdl](https://twitter.com/mrkcdl) | SQLi, NoSQL |

## Video Walkthrough

[![Second order NoSQL injection? - Solution to January '23 Challenge](https://img.youtube.com/vi/bAWOY2sim4o/0.jpg)](https://www.youtube.com/watch?v=bAWOY2sim4o)

## Challenge Description

> Find the flag and win Intigriti swag.

## Useful Resources

* [SQLi](https://portswigger.net/web-security/sql-injection)
* [SQLi Payloads](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection)
* [Second order SQL injection](https://portswigger.net/kb/issues/00100210_sql-injection-second-order)

## Community Writeups

1. [joaxcar](http://blog.joaxcar.com/writeups/2023/01/18/intigriti-january-challenge-2023)
2. [antonio](https://medium.com/@antonio341375/intigriti-challenge-0123-writeup-3ccd7188017c)
3. [huli](https://blog.huli.tw/2023/01/23/en/intigriti-0123-second-order-injection)