daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/CTF After Dark - Winter 2023/Bank/README.md

31 lines
959 B
Markdown
Raw Normal View History

feat: added CTF After Dark - Winter 2023
2023-03-09 15:43:49 +00:00
# Bank
> This is a bank. I hate php very much. Here
## About the Challenge
In the website there is a login form like this
![preview](images/preview.png)
## How to Solve?
This is SQL injection chall and we need to get the flag from the database, luckily the website showing us the query and the result on the website. For example I inputted `test/test` as the username and the password
![input](images/input.png)
feat: added picoCTF
2023-04-01 09:50:03 +00:00
And we know the flag was located on `flags` table and in that table there are 2 columns. `flag` and `value` So we can input the payload like this
feat: added CTF After Dark - Winter 2023
2023-03-09 15:43:49 +00:00
```
Username: ' union select group_concat(flag, value),2,3 from flags-- -
Password:
```
Because there is a filter on the `select` keyword, we can bypass that filter by using `selselectect`. And then read the flag on `flags` table. This is the final payload.
```
' union sselectelect group_concat(flag, value),2,3 from flags-- -
```
![flag](images/flag.png)
```
flag{3min3m_kind@_wa$hed}
```