[Day 10] SQL injection: Inject the Halls with EXEC Queries

Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?

/giftsearch.php

Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?

ODBC Driver 17 for SQL Server

Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?

THM{a4ffc901c27fb89efe3c31642ece4447}

What flag is in the note file Gr33dstr left behind on the system?

THM{b06674fedd8dfc28ca75176d3d51409e}

What is the flag you receive on the homepage after restoring the website?
THM{4cbc043631e322450bc55b42c}