Created
August 28, 2012 01:31
-
-
Save bubba-h57/3494120 to your computer and use it in GitHub Desktop.
Stripe CTF Level 0 - Solution SQL Injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We can see that it's querying the SQL database with our user-supplied input. We also know that it is an sqlite3 database. When looking at the SQL statement, we can see that it's using the LIKE operator, which happens to have a wildcard character (%). When we supply the wildcard character, it will respond with all the secrets in the database. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment