[Internetwache CTF 2016] [Web 70 – The Secret Store] Write Up

Description

We all love secrets. Without them, our lives would be dull. A student wrote a secure secret store, however he was babbling about problems with the database. Maybe I shouldn’t use the ‘admin’ account.

Resolution

This challenge was a classic SQL truncation. As we already detailed the process in a write-up for the CyberCamp CTF, we will only show the most important steps in this write-up.

The website consisted only of a login page and a registration page. We first thought of an SQL truncation flaw, so the registration page was the important one to check.

Registration form

We first tried to create a very long admin[spaces]x account.

It's soooooo long

After creating the account, we tried to log in with it.

Amazing... or not

And the flag was in front of our eyes 🙂

Beautiful flag!

Flag was IW{TRUNCATION_IS_MY_FRIEND}
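
Why the admin[spaces]x registration ends up matching the admin account, and the application-side check that prevents it, as an added example that is not part of the original write-up or the challenge's code. The column width of 20, the silent truncation on insert and the trailing-space-insensitive comparison are assumptions modelled in Python, and names such as `UserTable` and `register_hardened` are hypothetical.

```python
# Added model of a username column; not the challenge's code.
# Assumptions: VARCHAR(20)-style width, silent truncation on INSERT unless
# strict mode is on, and PAD SPACE comparison (trailing spaces ignored).
COLUMN_WIDTH = 20


def db_equal(a, b):
    """Compare as a PAD SPACE collation does: trailing spaces are ignored."""
    return a.rstrip(" ") == b.rstrip(" ")


class UserTable:
    def __init__(self, strict=False):
        self.strict = strict  # True models a strict SQL mode
        self.rows = []        # (username, password) tuples

    def select(self, username):
        return [r for r in self.rows if db_equal(r[0], username)]

    def insert(self, username, password):
        if len(username) > COLUMN_WIDTH:
            if self.strict:
                raise ValueError("Data too long for column 'username'")
            username = username[:COLUMN_WIDTH]  # silent truncation
        self.rows.append((username, password))


def register_vulnerable(table, username, password):
    # The uniqueness check sees the full input; the table stores a truncated one.
    if table.select(username):
        return False
    table.insert(username, password)
    return True


def register_hardened(table, username, password):
    # Reject anything the column cannot hold verbatim, so the value checked
    # is exactly the value stored.
    if not username or len(username) > COLUMN_WIDTH or username != username.strip():
        return False
    return register_vulnerable(table, username, password)


def demo(register, strict=False):
    """Return how many rows a lookup for 'admin' matches after one registration."""
    table = UserTable(strict)
    table.insert("admin", "original-password")      # constructed sample row
    try:
        register(table, "admin" + " " * 20 + "x", "second-password")
    except ValueError:
        pass                                        # strict mode refused the row
    return len(table.select("admin"))
```

At the database layer, a strict SQL mode and a UNIQUE constraint on the username column enforce the same thing even if the application check is missed.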

 

Enjoy

The lsd
