| - | - |
|---|---|
| Name: | Cowboy World |
| Category: | Web |
| Points: | 100pts |
I heard this is the coolest site for cowboys and can you find a way in?
First thing we get greeted with this normal login form nothing special about it,
before i start doing anything else i decided to check out the /robots.txt , i know im on the right track because of the hint provided by the dev Hint Link.
# pls no look
User-Agent: regular_cowboys
Disallow: /sad.eml
we see a User-Agent Header but thats just a rabbit hole to try and send requests as regular_cowboys, but we also see an email file named sad.eml and when we open it with a text editor or outlook we get:
Everyone says 'yeee hawwwww'
but never 'hawwwww yeee'
:'(
thats why a 'sadcowboy' is only allowed to go into our website
so now we have a possible username which is sadcowboy, to see if the login form has flaws in errors like telling us exactly if the password is wrong or the username, by entering the username sadcowboy and a random password i see that we get Incorrect password and when i try with another username i get Incorrect username or password so now i confirmed the username is correct, and the hint for the password was not clear but i believe it was the :'( also when trying ' we get an Internal Server Error so now we know its a sql injection.
so i tried couple sqli login bypass payloads that contains single quotes using the burp repeater trying out payloads in the browser will give an Internal Server Error and the payload '+or+'1'='1 worked with me.
Flag: DUCTF{haww_yeeee_downunderctf?}