CTFlearn Writeup Web | Easy | Solutions
CTFlearn (Capture The Flag) writeups, solutions, code snippets, notes, and scripts for beginners: web (easy).
Basic Injection
See if you can leak the whole database. The flag is in there somewhere… https://web.ctflearn.com/web4/
As there is nothing on the page, let us move on to the page source.
The source code is quite simple, but notice that the comment contains some names. Pasting them into the box on the page gives useless information, but one can notice that the page is vulnerable to SQL injection, as the name of the level suggests. Now we need to fool the database somehow into displaying all the information stored in it. To alter the query, enter 'OR' 1 '=' 1 in the input field instead of an actual name. The quotes in the input close the string in the query and add an OR condition that is always true, so every row matches.
WOW!! It shows all the data, which also contains our flag.
Flag- th4t_is_why_you_n33d_to_sanitiz3_inputs
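The flag's advice in practice, as an added example that is not part of the original write-up or the challenge's code: the same name lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, rows and query shape are assumptions (the challenge's real query is not shown), and COLLATE RTRIM is added so that SQLite ignores trailing spaces in the comparison, which the write-up's input needs in order to evaluate as true.

```python
import sqlite3

# Input quoted in the write-up, with plain ASCII quotes.
PAYLOAD = "'OR' 1 '=' 1"

# Constructed rows; table, columns and values are assumptions for this demo.
ROWS = [("alice", "row one"), ("bob", "row two"), ("carol", "FLAG_PLACEHOLDER")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, data TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, name):
    # The input becomes part of the SQL text: its quotes close the string
    # literal and the remainder is parsed as an extra OR condition.
    # COLLATE RTRIM makes SQLite ignore trailing spaces when comparing, the
    # behaviour this particular payload relies on (assumed for the backend).
    sql = "SELECT name, data FROM people WHERE name = '" + name + "' COLLATE RTRIM"
    return sql, conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The placeholder keeps the input as a single bound value; it is compared
    # against the name column and never parsed as SQL.
    sql = "SELECT name, data FROM people WHERE name = ? COLLATE RTRIM"
    return sql, conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        for value in ("alice", PAYLOAD):
            sql, rows = fn(conn, value)
            print(f"{label:13} input={value!r}")
            print(f"  query: {sql}")
            print(f"  rows : {rows}")
```

With the concatenated query the payload returns every row; with the bound parameter it is treated as an unusual name and matches nothing.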
Thanks for your patience, I hope you enjoyed reading. Happy Hacking…