DEFKTHON CTF: Web 200

Description:

Auth Me In

Write-up

The hint “Not SQL” tells us not to look for SQL injection. After searching on the Internet for injections that are not SQL injection, I came up with something called NoSQL injection. A quick look at it shows that, by appending [$ne] to the name of a $_GET parameter, you can instead make the query look for things that are ‘not equal’ to whatever you set the value to.

The final solution that resulted in the flag flag{itoldunaathisisnotSQLinjection} was http://54.201.96.212:888/web200/?userid[$ne]=a&password[$ne]=a.
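Why the bracket syntax works, and the check that stops it, shown as an added example that is not the challenge's server code. It assumes a PHP backend that copies request parameters into a MongoDB-style filter; the matcher, the function names and the user record are hypothetical and constructed for illustration.

```php
<?php
// Constructed record standing in for the application's user store.
$users = [['userid' => 'admin', 'password' => 'constructed-secret']];

// Toy matcher (assumption): supports only equality and the $ne operator document.
function matches(array $doc, array $filter): bool {
    foreach ($filter as $field => $cond) {
        $value = $doc[$field] ?? null;
        if (is_array($cond)) {
            foreach ($cond as $op => $operand) {
                if ($op !== '$ne' || $value === $operand) {
                    return false;
                }
            }
        } elseif ($value !== $cond) {
            return false;
        }
    }
    return true;
}

function user_exists(array $users, array $filter): bool {
    foreach ($users as $user) {
        if (matches($user, $filter)) {
            return true;
        }
    }
    return false;
}

// Vulnerable: request values are copied into the filter whatever their type.
function login_vulnerable(array $users, array $get): bool {
    return user_exists($users, [
        'userid'   => $get['userid'] ?? '',
        'password' => $get['password'] ?? '',
    ]);
}

// Hardened: both fields must be plain strings, so an array can never act as an operator.
function login_hardened(array $users, array $get): bool {
    if (!is_string($get['userid'] ?? null) || !is_string($get['password'] ?? null)) {
        return false;
    }
    return login_vulnerable($users, $get);
}

// parse_str() applies the same bracket parsing PHP uses to fill $_GET.
parse_str('userid[$ne]=a&password[$ne]=a', $get);
var_dump($get, login_vulnerable($users, $get), login_hardened($users, $get));
```

With the query string from the write-up, each parameter arrives as an array keyed by `$ne`, so the vulnerable check matches any record whose fields differ from `a`, while the hardened check rejects the request before a filter is built.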

Other write-ups and resources