[CTF] WU - Access Granted
CTF InterCampus Ynov 2024
Difficulty Level: Very Easy
Challenge Category: Web
Description:
An employee website was designed, but it seems that security was not a priority. Will you be able to access the hidden section reserved for administrators? Maybe a simple mistake will get you there...
The flag address is well-guarded, but once you're logged in, everything will become clear.
Solution Steps
Step 1: Analyze the Web Application
- Visit the Login Page:
  - Access the provided web application URL: http://<IP>:<PORT>/login
  - The login page contains fields for username and password.
- Test the Input Fields:
  - Try entering random credentials (e.g., username: test and password: test).
  - Observe that invalid credentials return an "Invalid login!" message.
Step 2: Test for SQL Injection
Based on the challenge description, the login functionality is likely vulnerable to SQL Injection (SQLi).
Crafting a Payload:
To bypass authentication:
- Use the following username:
' OR '1'='1
- Leave the password field blank.
Explanation:
- The payload ' OR '1'='1 closes the SQL query's string and appends an always-true condition.
- This tricks the application into validating the login without checking the actual credentials.
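To make the mechanism concrete, here is an added example (not part of the original write-up and not the challenge's own code) that reproduces the bypass against an in-memory SQLite database and shows the parameterized query that defeats it. The table, the credentials and the column order in the assumed query are assumptions: with the username comparison last, the injected OR '1'='1' wins over the AND because AND binds tighter than OR, which is what lets a blank password through.

```python
import sqlite3

# Constructed stand-in for the challenge's employee site. The schema, the
# credentials and the query layout are assumptions, not the challenge's code.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "correct-horse-battery", "admin"),
        ("alice", "wonderland", "employee"),
    ])
    return conn

def build_vulnerable_query(username, password):
    """String concatenation: user input becomes part of the SQL grammar.
    The username comparison is placed last (assumed), so an injected
    OR '1'='1' is evaluated after the AND (AND binds tighter than OR) and
    makes the whole WHERE clause true for every row."""
    return ("SELECT username, role FROM users WHERE password = '" + password +
            "' AND username = '" + username + "'")

def login_vulnerable(conn, username, password):
    """Returns (username, role) of the first matching row, or None
    (the application's "Invalid login!" case)."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()

def login_safe(conn, username, password):
    """Parameterized query: the driver binds inputs as data, so the quote
    in the payload is just a character inside a string, never SQL syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE password = ? AND username = ?",
        (password, username),
    ).fetchone()

if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1"          # the write-up's username payload
    print(build_vulnerable_query(payload, ""))
    print("vulnerable:", login_vulnerable(db, payload, ""))   # ('admin', 'admin')
    print("parameterized:", login_safe(db, payload, ""))      # None
```

The same payload that returns the admin row from the concatenated query returns nothing from the parameterized one, while genuine credentials still work against both.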
Step 3: Execute the Payload
- Input the following credentials into the login form:
  - Username: ' OR '1'='1
  - Password: (leave blank)
- Submit the form.
Expected Result:
- The SQLi bypasses authentication and logs you in as an administrator.
Step 4: Access the Admin Panel
After successful login:
- Navigate to the admin panel at: http://<IP>:<PORT>/admin
- The admin panel displays the flag: FLAG{s1mpl3_sq1_1nj3ct10n_fl4g}