Flames
Ahh, no criticism, but this was very poorly made. It wasn't an exploit or anything. It was probably made for script kiddies. The solution was to include “union select” anywhere in the input; on the back end, the server was just checking whether the input contains “union select”, and if so it gives the flag (a page that leads to the flag).
Teams using automated scripts, or script kiddies just copy-pasting code, will get the flag. But our team spent an unhealthy amount of time systematically trying to break out of the input. We tried all sorts of injections; we even reached the limit and passed every possible character, char 0 to char 255, to look for any errors, but got nothing.
Then one of our members found the db.php file and we turned our attention back to SQLi. We were trying to break out, thinking there was some complex filtering going on in the back end. At this point the team was getting very demotivated because of the rapidly increasing solve count of this challenge.
Our payloads were not working because we were not including “union select” directly; it was either obfuscated, or we were working to break the where query. The one query that contained “union select”, after a very, very long time, gave us the flag.
Very, very, very disappointing challenge.