Another day, another CTFlearn write-up. Today, we will walk through a simple web hacking challenge. Web hacking is quite common in CTF challenges, and most challenges start with web hacking and continue until you get a reverse shell through an exploit. Let’s get started.
1) Basic Injection
Just like the title says, the task involves SQL injection (SQLi). You can complete the challenge by using a simple payload such as:
' or '1'='1
The payload is going to pull all the data from the database. This is because the input field is not sanitized, which makes the search field vulnerable to SQL injection: the quote in the payload closes the string in the query, and the added condition '1'='1' is always true, so every row matches. A hacker can pull all the information from a database, including sensitive data.
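To see why the payload works and how a parameterized query stops it, here is an added example (not code from the challenge, whose real query is not shown). The `users` table, its columns, the sample rows and the function names are all assumptions made for illustration.

```python
import sqlite3

PAYLOAD = "' or '1'='1"  # the payload from the write-up


def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "constructed-secret-1"),
            ("bob", "constructed-secret-2"),
            ("carol", "constructed-secret-3"),
        ],
    )
    return db


def search_vulnerable(db, term):
    """Unsanitized search: user input is concatenated into the SQL text."""
    query = "SELECT name, secret FROM users WHERE name = '" + term + "'"
    return query, db.execute(query).fetchall()


def search_parameterized(db, term):
    """Hardened search: input is bound as data and never parsed as SQL."""
    query = "SELECT name, secret FROM users WHERE name = ?"
    return query, db.execute(query, (term,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, search in (("vulnerable", search_vulnerable),
                          ("parameterized", search_parameterized)):
        for term in ("alice", PAYLOAD):
            query, rows = search(db, term)
            print(f"[{label}] input={term!r}")
            print(f"    query: {query}")
            print(f"    rows returned: {len(rows)}")
```

With the concatenated query the WHERE clause becomes `name = '' or '1'='1'` and every row comes back; with the bound parameter the same input is treated as a literal name and matches nothing.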
That’s all for the simple web challenge. Bye 😉