Description
We all love secrets. Without them, our lives would be dull. A student wrote a secure secret store, however he was babbling about problems with the database. Maybe I shouldn’t use the ‘admin’ account.
Resolution
This challenge was a classic SQL truncation attack. As we already detailed the process in our write-up for the CyberCamp CTF, we will only show the most important steps here.
The website consisted only of a login page and a registration page. We first thought of a SQL truncation flaw, so the registration page was the important one to check.

We first tried to register a very long username of the form admin[spaces]x.

After the account was created, we tried to log in with it.

And the flag was in front of our eyes 🙂
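To make the failure mode concrete, here is an added Python model of why the admin[spaces]x registration works and what the fix looks like. It is not code from the challenge or from the write-up; it emulates, in plain Python, the two MySQL behaviours the attack relies on (a non-strict server silently cutting an over-long string to the column width on INSERT, and PAD SPACE collations ignoring trailing spaces on comparison), and the column width, table layout and password hashing are constructed assumptions.

```python
import hashlib

# Constructed assumption: the users table has username VARCHAR(12).
COLUMN_WIDTH = 12


def hash_pw(password):
    # Placeholder hash so the model is self-contained; irrelevant to the bug.
    return hashlib.sha256(password.encode()).hexdigest()


def _pad_space_key(value):
    # Emulates MySQL PAD SPACE collations: trailing spaces do not count in '='.
    return value.rstrip(" ")


class LegacyUserStore:
    """Emulates a users table on a server running without STRICT_TRANS_TABLES.

    Over-long values are cut to the column width on INSERT (with only a
    warning), but the 'is this name taken?' SELECT runs on the full input.
    That gap is the SQL truncation flaw."""

    def __init__(self, width=COLUMN_WIDTH):
        self.width = width
        self.rows = []  # (stored_username, pw_hash)

    def _exists(self, username):
        return any(_pad_space_key(u) == _pad_space_key(username) for u, _ in self.rows)

    def register(self, username, password):
        if self._exists(username):        # checked against the UNtruncated name
            return False
        stored = username[:self.width]    # silent truncation on INSERT
        self.rows.append((stored, hash_pw(password)))
        return True

    def login(self, username, password):
        # WHERE username = ? AND password_hash = ?  (first matching row wins)
        for u, h in self.rows:
            if _pad_space_key(u) == _pad_space_key(username) and h == hash_pw(password):
                return True
        return False


class HardenedUserStore(LegacyUserStore):
    """Same table, with the two controls that close the gap:
    validate length and whitespace before the query, and treat an over-long
    value as an error instead of a warning (what STRICT_TRANS_TABLES does)."""

    def register(self, username, password):
        if len(username) > self.width:
            return False                  # strict mode would raise here
        if username != username.strip() or "  " in username:
            return False                  # no leading/trailing/internal runs of spaces
        return super().register(username, password)


def run_model(store_cls):
    """Register the real admin, then attempt the truncation registration,
    then try the admin login with the attacker's password."""
    store = store_cls(width=COLUMN_WIDTH)
    store.register("admin", "real-admin-pw")
    attacker_name = "admin" + " " * 7 + "x"          # 13 chars, one over the width
    registered = store.register(attacker_name, "attacker-pw")
    hijacked = store.login("admin", "attacker-pw")
    return registered, hijacked


if __name__ == "__main__":
    print("legacy  :", run_model(LegacyUserStore))    # (True, True)
    print("hardened:", run_model(HardenedUserStore))  # (False, False)
```

The detection angle follows from the same model: a registration whose username is longer than the column, or contains runs of internal whitespace, is worth logging and alerting on, and a MySQL "Data truncated" warning on the users table should be treated as an error, not noise.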

The flag was IW{TRUNCATION_IS_MY_FRIEND}
Enjoy
The lsd