Hi DaNeil,
I started doing CTFs yesterday, complete noob. Learned a lot from ur post. I did some research and learned SQL basics, some double SQL injection techniques. I think ur FLAG 2 worked like this: its an Error Based SQL injection. The intention is to produce some error that will leak information about the database, the count(), floor(rand()*2) a ... group by a will produce that KeyError because the interaction between group by(aggregation) and count(). Since we can see the error, we could add some information about the database in the concat(), which will become the key and produce KeyError and then gets displayed. The information we wanted simply came from information_schema. Then its basically iteration through the database.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi DaNeil,
I started doing CTFs yesterday, complete noob. Learned a lot from ur post. I did some research and learned SQL basics, some double SQL injection techniques. I think ur FLAG 2 worked like this: its an Error Based SQL injection. The intention is to produce some error that will leak information about the database, the count(), floor(rand()*2) a ... group by a will produce that KeyError because the interaction between group by(aggregation) and count(). Since we can see the error, we could add some information about the database in the concat(), which will become the key and produce KeyError and then gets displayed. The information we wanted simply came from information_schema. Then its basically iteration through the database.