TJCTF 2023 - Web Challenges

#1: hi

Description/Sources

Screenshot 2023-05-27 at 00 02 37

hi

  • The link directs us to the following website

    Screenshot 2023-05-27 at 00 12 04

  • Inspecting the website, we can see that the flag is hidden under a canvas

    Screenshot 2023-05-27 at 00 15 06

  • We can remove the line above the flag image to reveal the flag

    Screenshot 2023-05-27 at 00 17 11

Flag

tjctf{pretty_canvas_577f7045}

#2: swill-squill

Description/Sources

Screenshot 2023-05-27 at 00 18 59

Instancer

  • The Instancer directs us to the following website

    Screenshot 2023-05-27 at 00 30 44

  • From `app.py` in the server folder:

```python
c = conn.cursor()

# `name` comes straight from the Name field and is concatenated into the query text
string = "SELECT description FROM notes WHERE owner == '" + name + "';"
c.execute(string)
```
  • We can perform an SQL injection: if we put `' OR 1=1; --` in the Name field, the SQL command above becomes `SELECT description FROM notes WHERE owner == '' OR 1=1; --';`. The `--` turns everything after it on that line into a comment, and since `'' OR 1=1` always evaluates to true, the website displays every note from every owner in the database.
  • Since admin is the first entry in the database, the first few lines displayed will contain the flag.
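
The vulnerable lookup from `app.py` next to its parameterized fix, as an added example (not code from the challenge or the writeup). The in-memory `notes` table, its rows and the flag value are constructed here; only the table and column names come from the query quoted above. Binding `name` as a parameter keeps the same `' OR 1=1; --` input from changing the statement.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the challenge database (rows are made up)."""
    conn = sqlite3.connect(":memory:")
    c = conn.cursor()
    c.execute("CREATE TABLE notes (owner TEXT, description TEXT)")
    c.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [
            ("admin", "tjctf{placeholder_flag}"),  # constructed, not the real flag
            ("alice", "buy milk"),
            ("bob", "gym at 6"),
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Same pattern as app.py: user input is spliced into the SQL text, so a quote
    in `name` ends the string literal and the rest is parsed as SQL."""
    c = conn.cursor()
    string = "SELECT description FROM notes WHERE owner == '" + name + "';"
    c.execute(string)
    return [row[0] for row in c.fetchall()]


def lookup_parameterized(conn, name):
    """Hardened form: `name` is bound as a parameter and is only ever compared as data."""
    c = conn.cursor()
    c.execute("SELECT description FROM notes WHERE owner == ?", (name,))
    return [row[0] for row in c.fetchall()]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1; --"
    print("vulnerable, normal name :", lookup_vulnerable(db, "alice"))
    print("vulnerable, payload     :", lookup_vulnerable(db, payload))  # all three notes
    print("parameterized, payload  :", lookup_parameterized(db, payload))  # no rows
```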

Screenshot 2023-05-27 at 00 31 44

Flag

tjctf{swill_sql_1y1029345029374}