Easy Live

Basic Injection

30 points

17478 Solves

Web

Easy

intelagent moderator badge ctflearn++ badge

Community Rating: 4.59 / 5

See if you can leak the whole database. The flag is in there somwhere… https://web.ctflearn.com/web4/

First 10 Solvers

Rank Username
1 natjef20
2 javier
3 drmad
4 limyunkai19
5 sebwit20
Rank Username
6 yukimo
7 teamaardvark
8 witchcraft
9 aiyam
10 blackndoor

    • Robert_Gelu

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

    • Robert_Gelu

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

      • dark_sarcasm

        I use this sql instruction " ' or 1=1;# " if you wanna explain whay i do this just reply.

        • ak99

          Hi, can you please explain me why you used " ' or 1=1;# "?

        • ak99

          Hi, can you please explain me why you used " ' or 1=1;# "?

        • ryxicare

          Protected

          [REDACTED] This comment is only shown to users who have solved this challenge.

      • dark_sarcasm

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.

        • ImYawn

          Protected

          [REDACTED] This comment is only shown to users who have solved this challenge.

      • JuanMusic1

        When i try the payload, it was wrong, but in a few moment i have tried the same payload an it works

  • Theriphunters

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • SpringBok

    Fade.js status is 404. In the console, I keep getting "GET https://web.ctflearn.com/web4/fade.js net::ERR_ABORTED 404".

  • beboms123

    First intro to SQL Injections for me! Awesome!

    • intelagent moderator badge ctflearn++ badge

      Glad you enjoyed, hope you learned something!

      • DonkeyPrime

        I' m an absolute noobie. what are the pre requisites? where should i start

  • Zahrah

    im noob i have no clue what i am doing when i input the url it wont work HELP

  • 0xLuois

    Good! i'm start learn CTF today. Very good program for me.

  • peri4n

    Could someone clarify if the 404 response of the fade.js is expected (part of the problem) or if there are technical problems with the server?

    • peri4n

      Confirmed it myself: fade.js is irrelevant for the problem.

  • Tinggaard

    I would assume it's an SQL-injection, but at the same time, I wouldn't consider those easy. Please help

  • mehedi1194

    flag is not there in well format like flag{here is the flag} its hard for those who is totally new in ctflearn but enjoyed

  • k4at3034

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • roylt84

    solved, easy once i realized I was looking at the wrong value for the key.

  • rockylance55

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • Dafaq

      Hi read w3schools/sql/sql. This site will give you info on how to do a basic SQL injection. Hope this helps.

  • HG86revient

    a pretty good challenge, I had an idea about SQLi but i needed to view the w3school's page

  • HG86revient

    a pretty good challenge, I had an idea about SQLi but i needed to view the w3school's page

  • nermish

    First CTF, No idea what I was doing, 10/10

  • brainfog

    So that's how a sql injection works, noob learned something

  • Gold

    Great first challenge, just a quick question: How can I reset a challenge back to unsolved If I wanted to here? Thanks

    • intelagent moderator badge ctflearn++ badge

      What's the use case for this? Currently, this functionality isn't available.

      • Gold

        was just curious to know, thanks for replying

        • intelagent moderator badge ctflearn++ badge

          If there is a use case we would love to include this functionality!

    • CerebrumObliterator

      Are you asking so you could input the flag over and over again and flood the live stream? Because I most definitely wasn't thinking about that lol

  • rusyaew

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • lawman

    I am new to this so happy i found this as my first challange learned a lot! Internet is your slave not your owner!

  • MChrisGM

    Really good, thanx for teaching me this

  • jmeagle

    hard for a person that had to look up sql

  • Maxbattleman

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Kabilan

    Here is the challenge . But I want to learn first . Where I can learn

    • ImYawn

      w3school i think have some cool stuff you can read over. Also youtube can help a lot!

  • moroq

    Harder then I thought, 404 on js does not impact it

  • lifemeetsgent

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Bossking12

    Is there a way I can learn how to do this. I have just started so I don't know how to do it.

  • zeronid

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • zeronid

    Great challenge for beginners , learned a little something about injections :)

  • zeronid

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Chaos_99

    For a beginners challenge, I don't like that it's so silent. Giving me some error output would help me solve the problem or at east guide me along the way.

  • bazio

    abctf{uni0n_1s_4_gr34t_c0mm4nd}<<<< i found the flag but not working

    • marnianski

      any clue how much time its take them to patch the server?

  • Ebhodini

    Error 502: Bad gateway. Guys help :D

  • leerock2323

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • S0FA

    Error 502 Bad gateway

  • cardynlsyn ctflearn++ badge

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • dolos

    My frist ever SQL Injection!!! WOOHOO Thanks for this @intelagent

  • edddy

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • iamscripty

      go ro w3school sql injection page it may help, dont overthink

    • iamscripty

      go ro w3school sql injection page it may help, dont overthink

  • iamscripty

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • mrempty

    Unable to connect to https://web.ctflearn.com/web4/ Error 502

  • Ertersy

    I can't tell if it's supposed to be an error 504 or not... I'm completely new to this

  • Daddo4810

    Ok, 3 hours has passed and i'm still here like a dolphin in an aquarium

  • Answer

    If you are blocked on this one, try imagining how the query looks like.

  • VdoubleA

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • M7B4

    How to solve it? Pls help me :( Im new to this :(

  • M7B4

    How to solve it? Pls help me :( Im new to this :(

  • I'm new to a lot of this stuff and am just wondering if you could add a feature that gives a tutorial and hint.

  • I'm new to a lot of this stuff and am just wondering if you could add a feature that gives a tutorial and hint.

  • I'm new to a lot of this stuff and am just wondering if you could add a feature that gives a tutorial and hint.

  • Raihan

    it's not so easy, because I try ' " it's don't show any SQL syntax error.

  • Lethal_Presence

    Very good task for newbies to start investigating the theme of SQL injections

  • Borthwick

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Kratos540

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • shub0

    getting error while opening https://web.ctflearn.com/web4/

  • cdblish3

    Error 502 Ray ID: 59176ad44dafd292 • 2020-05-10 23:25:04 UTC Page won't open

  • K11RU

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • lucjanex

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • 4C1DW0LF

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • AndroidHappier

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • chobs

    Is this still injectable? I entered all the basic/classic sql injection commands and nothing worked. I even tried using Kali's SQLmap to do a banner grab, but still got nothing. Can someone confirm if I'm right or wrong. 5/20/20

    • chobs

      Found out what I was doing wrong and got the answer. But has anyone tried a tool like SQLmap on this URI before?

  • thura98

    Thanks for the challenge. My first solve!

  • __Senku__

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • xuanquang1999

    Why inputting the string "' OR 1=1 --" don't work? Isn't it still syntactically correct (after injecting it to the server SQL statement)?

  • kovid

    I found Luke, but have no idea how to proceed. I'm new to SQLi. Can someone help me?

  • LokeshRaja

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • bolbol11

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Kira15

    sometimes my input works sometimes its not is it just me? wtf

  • RLangdon

    Why is it that my injection works on website but doesn't get successful upon submission?

  • RLangdon

    LOL! Great. I am glad this was first I solved. Took me 2 days to figure out having it in front of me. Great guy intelagent!

  • mcdbulin

    th4t_is_why_you_n33d_to_sanitiz3_inputs

  • ashish_pondit

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • pspice2000

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • UfaiX04

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.