Source will NOT be provided for these challenges.
This is designed to be hosted in a "each team gets a private instance" manner.
See the CTFd folder in this repo for details on how this challenge will be spun up per team.
In CTFd, this will use the "private_challenges" custom challenge type so that it can be spun up per team.
I hope my under construction web site is secure.
Solving this will unlock a series of related challenges that ALL use the same challenge instance.
Source is not provided on purpose.
To find the first flag, find a way to view the text of the SQL query. If you find some other flag, it will be related to one of the others in this series.
Note: Automated tools like sqlmap and dirbuster are not allowed (and will not be helpful anyway).
The next flag is hiding in another table. Can you find it?
There is a DB user named 'flag'. To find the next flag, figure out the password for this DB user.
The flag will be: wctf{}
Note: The password can be found in the rock you word list.
Note: Use your team instance from Order Up 1.
The next flag is inside a disk file whose name is like /flag*.txt
Note: Use your team instance from Order Up 1.
SamXML