Web - 40 Points
I just created a site with a list of popular presidential candidates!
After some trying with sqlmap, we found out that there was some sort of WAF/IPS. This tampering script (space2morehash.py) was useful to find a valid injection point. It replaces space character (‘ ‘) with a pound character (‘#’) followed by a random string and a new line (‘\n’). Take note that the minimum version required for it to work is MySQL >= 5.1.13.