Ctflearn Inj3ction Time Writeup
Hey there!
In this writeup, I will be cracking the CTFlearn Inj3ction Time Challenge
At first, I tried using union selecting or something as the challenge said to do:
I knew that there were about 3 or so columns in the current database so I ran ?id=1+union+select+1,2,3 But that returned nothing.
So I thought that maybe adding another one would work so I used the command ?id=1+union+select+1,2,3,4 which returns:
To make sure I am going somewhere with this, I went ahead and replaced 3 with version() as seen below:
Now we’re getting somewhere.
I then decided to look into one of the articles from acuentix (which is found in the comments of the challenge) about SQLI as I am not that advanced in the subject (which I guess wouldn’t be counted as cheating) and ran the command recommended by the article which is injecting
(SELECT+group_concat(table_name)+from+information_schema.tables+where+table_schema=database())
So then I did that and got these results:
i then ran the command (SELECT+*+FROM+w0w_y0u_f0und_m3)
Which then gave me this:
Thanks for reading!