Tweetr's username check leaks only true/false. The flag lives in a hidden secrets table. Use blind boolean SQL injection to extract it character by character.
Extract the flag from the hidden secrets table using blind boolean SQL injection against a username-check endpoint that returns only true or false.