# SQL Direct - picoCTF 2022 - CMU Cybersecurity Competition
Web Exploitation, 200 Points

## Description

![info.JPG](images/info.JPG)

## SQL Direct Solution

Let's connect to the PostgreSQL server:

```console
┌─[evyatar@parrot]─[/pictoctf2022/web/sql_direct]
└──╼ $ psql -h saturn.picoctf.net -p 61206 -U postgres pico
Password for user postgres:
psql (12.3 (Debian 12.3-1+b1), server 14.2 (Debian 14.2-1.pgdg110+1))
WARNING: psql major version 12, server major version 14.
Some psql features might not work.
Type "help" for help.

pico=#

```

Now, let's run ```\dt``` to list the tables of the public schema:
```console
pico=# \dt
List of relations
Schema | Name | Type | Owner
--------+-------+-------+----------
public | flags | table | postgres
(1 row)

pico=#

```
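The session above warns that a version 12 psql client is talking to a version 14 server, so some backslash commands may not work. As an added example (not part of the original writeup), these plain SQL catalog queries return roughly what ```\dt``` shows and work from any client:

```sql
-- Added example: list ordinary and partitioned tables visible on the
-- current search_path, skipping the system schemas, in \dt's column layout.
SELECT n.nspname                              AS "Schema",
       c.relname                              AS "Name",
       'table'                                AS "Type",
       pg_catalog.pg_get_userbyid(c.relowner) AS "Owner"
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')          -- r = ordinary table, p = partitioned table
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname !~ '^pg_toast'
  AND pg_catalog.pg_table_is_visible(c.oid)
ORDER BY 1, 2;

-- Column names and types of the table found above (public.flags),
-- read from the standard information_schema views.
SELECT column_name, data_type, is_nullable
FROM information_schema.columns
WHERE table_schema = 'public'
  AND table_name   = 'flags'
ORDER BY ordinal_position;
```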

Now let's run a ```select``` on the ```flags``` table in the ```public``` schema:
```console
pico=# select * from public.flags;
id | firstname | lastname | address
----+-----------+-----------+----------------------------------------
1 | Luke | Skywalker | picoCTF{L3arN_S0m3_5qL_t0d4Y_0414477f}
2 | Leia | Organa | Alderaan
3 | Han | Solo | Corellia
(3 rows)

```

And we get the flag ```picoCTF{L3arN_S0m3_5qL_t0d4Y_0414477f}```.

Original writeup (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-picoCTF2022/Web_Exploitation/200-SQL_Direct).