search

Irish Repo Name

hashtag
Irish-Name-Repo 1

hashtag
Description

AUTHOR: CHRIS HENSLER

There is a website running at https://jupiter.challenges.picoctf.org/problem/33850/ (linkarrow-up-right) or http://jupiter.challenges.picoctf.org:33850. Do you think you can log us in? Try to see if you can login!

hashtag
Solution

When we visit Support someone complains that they're getting SQL error because of Conan O'Brien.

irish-name-repo-1-1

We got to Login page and try basic SQLi payload ' or 1=1 -- and we get in.

circle-check

Flag: picoCTF{s0m3_SQL_f8adf3fb}

hashtag
Irish-Name-Repo 2

hashtag
Description

AUTHOR: XINGYANG PAN

There is a website running at https://jupiter.challenges.picoctf.org/problem/64649/ (linkarrow-up-right). Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login! or http://jupiter.challenges.picoctf.org:64649

hashtag
Solution

Same payload isn't working, since OR is being filtered. We can try to login with AND. Payload admin' AND 1=1 --

circle-check

Flag: picoCTF{m0R3_SQL_plz_aee925db}

hashtag
Irish-Name-Repo 3

hashtag
Description

AUTHOR: XINGYANG PAN

There is a secure website running at https://jupiter.challenges.picoctf.org/problem/54253/ (linkarrow-up-right) or http://jupiter.challenges.picoctf.org:54253. Try to see if you can login as admin!

hashtag
Solution

Trying previous payloads doesn't work. Looking into HTML source code there's odd element.

Hidden debug? I changed the value from 0 to 1 directly from Developer Tools, also you can remove type="password" from password input to see what you're writing.

The characters are transpositioned, OR became BE. Inspecting the difference between characters we get delimiter of 13, ROT13arrow-up-right?

irish-name-repo-3-1

Final payload = ' BE 1=1 --

circle-check

Flag: picoCTF{3v3n_m0r3_SQL_7f5767f6}

PreviouscaasNextJaWT Scrachpad

Last updated