Ok, here is the solution for the very basic SQL injection CTF located on https://web.ctflearn.com/web4/.
When you load the page you see this:
There is nothing to do here, except entering some inputs, which leads nowhere.
So, I checked the source code of the webpage.
Very simple stuff, but look at that comment line.
I tried all three, and Luke was the one giving me something… useful?
It seems we can query usernames, and some data related to them. But there is nothing more.
The CTF is named “Basic Injection”. So, I decided to try the most basic SQL injection techniques.
If your aim is to dump a database, the most basic technique you can use is the “OR 1” trick: appending a condition that is always true to the WHERE clause, a simple yet devilish way to alter the query and trick the database into returning every row.
Here is how it works:
A legitimate query would be something like this:
SELECT * FROM User WHERE Name = ''
But we alter the query by entering ' or '1'='1 in the input field instead of the actual name. And look what happens:
SELECT * FROM User WHERE Name = '' or '1'='1'
Because 1=1 always evaluates to TRUE, the WHERE clause matches every row, so this query simply means “Show me everything”.
And here is the result:
Look at that name “fl4g_giv3r”. Obviously, the Data portion was our flag; we successfully captured it.
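As an added example (not part of the original write-up), here is the string-concatenated lookup that makes the trick above work, beside the parameterized version that defeats it, both run against a constructed in-memory SQLite table; the user names and the flag value are placeholders, not the CTF's real data.

```python
import sqlite3

# Constructed sample rows (placeholders, not the CTF's real database).
SAMPLE_USERS = [
    ("Luke", "Some data about Luke"),
    ("Han", "Some data about Han"),
    ("fl4g_giv3r", "FLAG{placeholder}"),
]


def build_db():
    """Create an in-memory User table shaped like the one the write-up describes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (Name TEXT, Data TEXT)")
    conn.executemany("INSERT INTO User VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Input is pasted into the SQL text, so quotes in it become part of the query."""
    query = "SELECT Name, Data FROM User WHERE Name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Input is bound as a parameter: it is compared as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT Name, Data FROM User WHERE Name = ?", (name,)
    ).fetchall()


def demo():
    """Run the normal lookup and the tautology payload through both versions."""
    conn = build_db()
    payload = "' or '1'='1"  # the same input the write-up enters in the form
    return {
        "vulnerable_luke": lookup_vulnerable(conn, "Luke"),      # one row
        "vulnerable_payload": lookup_vulnerable(conn, payload),  # every row, flag included
        "safe_payload": lookup_safe(conn, payload),              # no rows
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The parameterized lookup returns nothing for the payload because no user is literally named ' or '1'='1, which is the whole point of binding values instead of concatenating them.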