[Hacking walkthrough] CTFLearn: Web (Easy)

Another day, another CTFlearn write-up. Today, we will walk through simple web hacking. Web hacking is quite common in CTF challenges, and most challenges start with web hacking until you get a reverse shell through an exploit. Let’s get started.

1) Basic Injection

Link: https://ctflearn.com/challenge/88

Just as the title says, the task involves SQL injection (SQLi). You can complete the challenge by using a simple payload such as

' or '1'='1

The payload pulls all the data from the database. This works because the input field is not sanitized, which makes the search field vulnerable to SQL injection. A hacker can pull all the information from a database, including sensitive data.

Answer: th4t_is_why_you_n33d_to_sanitiz3_inputs
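To see why the payload returns every row and how binding the input stops it, here is an added example (not the challenge's own code, whose backend is not shown on this page). The `users` table, its rows and the function names are assumptions constructed for illustration.

```python
import sqlite3

PAYLOAD = "' or '1'='1"  # the payload from the walkthrough


def make_db():
    """Constructed in-memory table standing in for the challenge database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret"), ("carol", "carol-secret")],
    )
    return db


def search_vulnerable(db, name):
    # The input is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest of the input is parsed as part of the WHERE clause.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return query, db.execute(query).fetchall()


def search_parameterized(db, name):
    # The input is bound as a value; it can never change the query structure.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return query, db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for search in (search_vulnerable, search_parameterized):
        for value in ("alice", PAYLOAD):
            query, rows = search(db, value)
            print(f"{search.__name__}({value!r})")
            print(f"  SQL:  {query}")
            print(f"  rows: {rows}")
```

With the payload, the vulnerable query becomes `WHERE name = '' or '1'='1'`, which is true for every row; the parameterized query looks for a user literally named `' or '1'='1` and finds none.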


That’s all for the simple web challenge. Bye 😉
