The miners website has been working on adding a login portal so that all miners can get the flag, but they haven't made any accounts! However, your boss demands the flag now! Can you get in anyway? miners.vuln.icec.tf
- Notice that users database is empty!
- We have the source code:
- Even if DB is empty we need the SQL request to generate 1 row:
mysqli_num_rows($result) !== 1.
- To do that we will use and
UNIONwith a non-empty
SELECTrequest and we'll try to guess number of columns.
' UNION SELECT 1,2,3 #and Password:
Note: Database is MySQL.