This is my first post on our I4INFO website. If you would like to read our old blogs, you are welcome to. Want to be a member of our team? Contact us!
It was the start of the CTF, and this was the first problem I looked at. On seeing the login page, the first thing that came to my mind was SQL injection.
SQL injection is the art of breaking the application's SQL code and executing our own SQL code, or of bypassing the authentication.
The query that comes to mind is "'or 1=1". As usual, I tried it and got the login bypass by using:
admin ' or 1=1#
The message I got was:
Congratulation
Flag is your password
This is the hint for the problem: the flag has been stored in the database!
Let the hack begin!
By trying several queries based on MySQL, we came to understand that it is not a MySQL database. It is a SQLite3 database.
Problem solved: by executing 2 queries we got the flag, the first query being the one to get the table name.
admin' union select password,password from user where user="admin"
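Why the login form above could be bypassed, and what stops it, shown as an added example that is not code from the challenge: a login check that builds its SQL by string concatenation next to the same check using bound parameters, both run against an in-memory SQLite database. The function names, the sample flag value and the test inputs are constructed for illustration; only the table name `user` and the columns `user` and `password` come from the query on this page.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the page's query.
    # The password is stored in plain text only because the challenge did so.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES ('admin', 'flag{constructed-sample}')")
    return conn

def login_concat(conn, user, password):
    # Vulnerable form: input is pasted into the SQL text, so a single quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT user FROM user WHERE user = '" + user +
           "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_param(conn, user, password):
    # Hardened form: placeholders pass the input as data, never as SQL text.
    sql = "SELECT user FROM user WHERE user = ? AND password = ?"
    return conn.execute(sql, (user, password)).fetchone() is not None

def compare(user, password):
    # Returns (result of concatenated query, result of parameterized query).
    conn = make_db()
    try:
        return login_concat(conn, user, password), login_param(conn, user, password)
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed inputs: valid login, wrong password, and a tautology in the
    # style of the page's "' or 1=1" (-- starts a comment in SQLite).
    cases = [("admin", "flag{constructed-sample}"),
             ("admin", "wrong"),
             ("admin' or 1=1--", "x")]
    for u, p in cases:
        print(repr(u), compare(u, p))
```

With bound parameters the whole input, quote included, is compared against the `user` column as a literal string, so no row matches and the login fails.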
Read our website for further security info in the future.