2019 Stonecutters - Bleeding Gums
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidXWyTDFZDvz3zU3X40SGFOTSdJ7Q02qs7BayM0ZS2Otl5Yt5pGlacSHo2dSkvWKu0A992rGrl5GUcfupMBJ0SFiE4wG84oQafKUsnz6dU_TqKYt_pxMto44XlKU8dWcy2G1FlI-W_Qa4O/s640/RIP.png)
In honor of Bleeding Gums Murphy, who passed away 24 years ago today; I thought it would be nice to pay tribute to him by publishing my write-up for the Stonecutter's "Bleeding Gums"challenge. RIP Bleeding Gums Bleeding Gums was an empty website aside from a single search field as seen below: index.php When I searched for the letter "a", I saw the table below: Search Results When I searched for the letter "b", I saw a smaller data set returned and some of the artists were different. Next, I searched for years and album titles but the query only seemed to search for Artists. Searching for ' gave me the following SQL error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')'' at line 1 I threw sqlmap at it but I wasn't able to get anything out of it. I then started to play with the injection manually. With this