If you like to read our old blogs you are welcome, I4INFO
Web 100
Here you have a website with upload option, the rule is you have to successfully upload the file. That means you have to upload a php file.
Remembering all previous CTF, I tried all those methods, I failed to get the flag. The solution is simple, use a burp suite and analyze the request, change the case of the content type that means make the 'M' of multipart as capital. And the filename should be same as "shell.php" and content-type:image/png. This was zero day in wave cms.
The Legend!!!(NoSQL Injection)
NoSQL is also called "Not only SQL" to emphasize that they may support SQL like query language. It has no tabular relations used in relational databases. It is used in many of the top companies such as Google, Amazon and Facebook. Some of the famous NoSQL database are MongoDB,Apache Cassandra and Redis.
NoSQL offers perfomance and scaling benefits but yet the database are still vulnerable to injection attacks. The main problem is that we have 150 NoSQL database, each offer different features and restrictions. So anyone testing should be familiar with the syntax.
Web 300 - Payload
1%27});return%20{title:tojson(db.user.find()[0])}//
Solution link
FlagMan(Github Oauth)
Change the github name as given below, then login, you will get the flag. Check this link for more info.
Thank you for reading the blog!