EZ-CTF
  • Forensics
    • DigitalOcean
  • Web
    • Super Secure
    • I made a blog!
    • Race #1
    • Race #2
  • pwn
    • Mario bros!
    • Save peach!
  • Steganography
    • Bernie
    • Neo
    • Nobody's perfect
Powered by GitBook
On this page
  • Description
  • Hint
  • Writeup
  • Flag
  1. Web

Super Secure

Web Challenges by EZ-CTF

PreviousWebNextI made a blog!

Last updated 2 years ago

Description

This is so unbreakable! http://ez.ctf.cafe:8888

Hint

Did you get your Covid Injection?

Writeup

When you open the website, you will see something like this

Now, seeing this like of name and password, one thing will directly popup in your mind, what is it?

Yes, that is SQL Injection

When we write ' in name and password, we can see something like this

From this, we get to know what this is MySQL Database, and how to do the injection in this website.

My Payload:

name: admin' or ''='

password: YouAreHacked

Boom 💥, we got the Flag!!! 🥳

Flag

EZ-CTF{N0t_S0_S4f3_4ft3r_411}

Screenshot of challenge
homepage of website
Could not successfully run query (SELECT * FROM members WHERE username = ''' AND password = '3590cb8af0bbb9e78c343b52b93773c9') from DB: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '3590cb8af0bbb9e78c343b52b93773c9'' at line 1