I have been using CTFs to learn and keep sharp for a while, and I am continuing my series of write-ups of the RingZer0Team challenges. It is time for an installment on SQL injection. I have previously written about the JavaScript RingZer0Team CTF challenges.
I have set myself the challenge of writing up the details of each challenge that I solve as a reminder to myself, as a reference and as a resource to help others on their CTF journeys. In this post I outline the first few SQL challenges I have completed and the rabbit holes they took me into along the way as the challenges get increasingly difficult.
ACL rulezzz the world
https://ringzer0team.com/challenges/2
You are provided a simple drop-down that submits a username variable to a vulnerable server.
Passing in a single quote yields a MySQL syntax error, which gives us a good starting point for the syntax we should work with.
Using the built-in functionality, passing in a username returns three fields:
- Username
- Group
- Description
Assuming this, the SQL query will be along the lines of:
SELECT Username, Group, Description FROM <tablename> WHERE…
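Why a lone single quote produces a syntax error, and what the server-side fix looks like, as an added example that is not part of the original write-up or the challenge's code. It assumes a table named `users` with constructed rows and uses Python's `sqlite3` in place of MySQL so it runs offline; the function names are hypothetical.

```python
import sqlite3

# Constructed sample data; the table name, columns and rows are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE users (username TEXT, "group" TEXT, description TEXT)')
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "staff", "constructed row 1"),
        ("bob", "guest", "constructed row 2"),
    ])
    return db

def lookup_concat(db, username):
    """Query built by string concatenation: the input becomes SQL syntax."""
    sql = ('SELECT username, "group", description FROM users '
           "WHERE username = '" + username + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the database error to the client is the signal the page saw.
        return "SQL error: %s" % exc

def lookup_param(db, username):
    """Bound parameter: the input is only ever treated as a value."""
    sql = 'SELECT username, "group", description FROM users WHERE username = ?'
    return db.execute(sql, (username,)).fetchall()

def lookup_hardened(db, username, allowed=("alice", "bob")):
    """A drop-down is a closed set of values, so reject anything outside it."""
    if username not in allowed:
        return []
    return lookup_param(db, username)

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "'"):
        print(repr(value), lookup_concat(db, value), lookup_param(db, value))
```

The concatenated version fails to parse when the value is a lone quote, while the parameterized version simply finds no matching user.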