Irish Name Repo

Points: 200

Category

Web Exploitation

Question

There is a website running at http://2018shell1.picoctf.com:59464 (link). Do you think you can log us in? Try to see if you can login!

Hint

There doesn't seem to be many ways to interact with this, I wonder if the users are kept in a database?

Solution

Looking at the support section of the site, we can see that the site uses SQL to store data and that a name containing an apostrophe (O'Brien) produces a SQL error. This could mean that it is vulnerable to SQL injection.

Cannot add name
Hi. I tried adding my favorite Irish person, Conan O'Brien. But I keep getting something called a SQL Error
That's because Conan O'Brien is American.
Admin

Going to the login section of the site, we see that it accepts a username and password:

Log In

Username: 
Password:

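Using the username ' OR '1'='1' --, we get the flag. The leading quote closes the username string, '1'='1' is always true, and -- comments out the rest of the query (presumably the password check).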

Logged in!
Your flag is: picoCTF{con4n_r3411y_1snt_1r1sh_d121ca0b}
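
Why that username works, and how a parameterized query stops it, shown as an added example that is not the challenge's code. The table schema, the query shape and all function names are assumptions, and the stored credentials are constructed sample data.

```python
import sqlite3

PAYLOAD = "' OR '1'='1' --"  # the username used in the write-up

def make_db():
    # Constructed sample data; the challenge's real schema is not known.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-pw')")
    return db

def login_vulnerable(db, username, password):
    # Assumed flaw: user input is concatenated straight into the SQL text.
    sql = ("SELECT name FROM users WHERE name = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Placeholders bind input as data, so quotes and -- carry no SQL meaning.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def attempt(login, db, username, password=""):
    try:
        return "logged in" if login(db, username, password) else "denied"
    except sqlite3.Error:
        # An unbalanced quote breaks the statement: the "SQL Error" that the
        # support post reports for the name Conan O'Brien.
        return "sql error"

def demo():
    db = make_db()
    return {
        "vulnerable, payload": attempt(login_vulnerable, db, PAYLOAD),
        "vulnerable, O'Brien": attempt(login_vulnerable, db, "Conan O'Brien"),
        "safe, payload": attempt(login_safe, db, PAYLOAD),
        "safe, O'Brien": attempt(login_safe, db, "Conan O'Brien"),
        "safe, real login": attempt(login_safe, db, "admin", "constructed-pw"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With bound parameters the apostrophe in O'Brien is stored or compared as plain text, so the support-page error and the login bypass disappear together.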

Working solution solve.py

Flag

picoCTF{con4n_r3411y_1snt_1r1sh_d121ca0b}