Tags: sqli check-in 

Rating: 0


> This platform is under protection. DO NOT hack it.

**No files provided**


This was the check-in challenge for this CTF, which usually means "look for the flag in the IRC channel". In this case, though, the flag was nowhere to be found: not in the IRC channel, not in the rules, and not in the HTML comments of the web page.

My teammate heard that the advertisement is in some way related to CloudFlare, and the CTF website was indeed protected by CloudFlare. I spent some time looking for something interesting in the WHOIS information, or something related to CF status reports, but to no avail.

The very first thing I had actually tried with this challenge was to submit `" OR 1 == 1 -- ` as the flag, and doing so redirected me to a login page. I did not think much of it at the time, but I had not been logged out, and submitting a wrong flag on the other challenges did not redirect; it simply flashed a "Wrong flag" message.

The first time I entered a wrong flag for a different challenge, I noticed this difference and came back to this one. I submitted the SQL injection again, looked at the HTML comments in the login form, and the flag was there!
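The behaviour above is what you get when a flag checker splices the submission straight into its SQL text. The following added example (mine, not the CTF platform's code) reproduces it against a constructed in-memory SQLite table with a placeholder flag: the concatenating check accepts the `OR 1 == 1 --` payload (SQLite accepts `==` as equality, and `--` comments out the dangling quote), while the parameterised check treats the same string as an ordinary wrong flag. It assumes the backend quoted the value with single quotes, so the payload here starts with `'` rather than the `"` used in the writeup.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a CTF platform's challenge table (placeholder flag)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE challenges (id INTEGER PRIMARY KEY, flag TEXT NOT NULL)")
    conn.execute("INSERT INTO challenges VALUES (1, 'FLAG{placeholder}')")
    conn.commit()
    return conn


def check_flag_vulnerable(conn: sqlite3.Connection, challenge_id: int, submitted: str) -> bool:
    """Assumed vulnerable pattern: the submitted flag is interpolated into the SQL text.

    With submitted = "' OR 1 == 1 -- " the statement becomes
        SELECT id FROM challenges WHERE id = 1 AND flag = '' OR 1 == 1 -- '
    AND binds tighter than OR, so the WHERE clause is always true and a row
    comes back even though no flag matched.
    """
    query = (
        f"SELECT id FROM challenges WHERE id = {challenge_id} "
        f"AND flag = '{submitted}'"
    )
    return conn.execute(query).fetchone() is not None


def check_flag_safe(conn: sqlite3.Connection, challenge_id: int, submitted: str) -> bool:
    """Hardened form: bound parameters keep the submission as data, never as SQL."""
    query = "SELECT id FROM challenges WHERE id = ? AND flag = ?"
    return conn.execute(query, (challenge_id, submitted)).fetchone() is not None


# Single-quote variant of the payload from the writeup (constructed for this demo).
INJECTION = "' OR 1 == 1 -- "


def compare(submitted: str) -> dict:
    """Run one submission through both checkers; a mismatch is the injection signal."""
    conn = make_db()
    return {
        "vulnerable": check_flag_vulnerable(conn, 1, submitted),
        "safe": check_flag_safe(conn, 1, submitted),
    }


if __name__ == "__main__":
    for candidate in ("FLAG{placeholder}", "FLAG{wrong}", INJECTION):
        print(repr(candidate), compare(candidate))
```

The only submission on which the two checkers disagree is the injection string, which is exactly the kind of unexpected "success" path (here, a redirect instead of a "Wrong flag" message) that gave the bug away.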
