DEFKTHON CTF: Web 200
The hint “Not SQL” tells us not to look for SQL injection. After searching on the Internet about injections that are not an SQL injection, I came up with something called a NoSQL injection. A quick look at it and you will learn that, by appending
[$ne] to the
$_GET parameter, you can, instead make the query look for things that are ‘not equal’ to whatever you set the value to.
The final solution that resulted in the flag