Descriptions:
Solution:We are trying to find out what our grade was, but we don't seem to be in the database...Can you help us out?http://104.199.151.39/index.html
1. "in the database..." on description make me sure, It about SQL Injection.
2. Index page have a input of name that want to show grade.
3. View source in index.html and get some script.
4. In line 46 is vulnerable to SQL Injection but in line 50 means the data will send with md5 to postQuery.php by ajax.
5. In Response tab, I found some comment that tell me a SQL query statement.
6. Write a python script to get data in each step, Found Database: tuctf, Tables: tuctf_grades, tuctf_info, tuctf_junk Columns: item, value and Flag store in tuctf_info.
7. select value from tuctf_info
Python Script:
Flag: TUCTF{v4ccinate_y0ur_databa5e5}
ไม่มีความคิดเห็น:
แสดงความคิดเห็น