TAMU CTF 2019 web writeups (Bird Box Challenge)

Anas Boulbali
Mar 4, 2019

Team: MTA256

When we connect to the website, we are offered a basic homepage with a search box.

Let’s use Burp Suite to read the HTTP requests and responses:

Let’s forward it to repeater:

I tried an SQL injection on the URL parameter named Search. The first thing I tried to inject was ‘UNION SELECT 1#, and then I got the perfect response:

If you try version(), you will not find anything interesting:

But user() gives me the flag :)

‘UNION SELECT user()#
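The challenge's own server code is not shown in the writeup, so here is an added example (not the challenge's code) of why that payload works and how the query should have been written. It assumes a constructed `birds` table in an in-memory SQLite database; since SQLite has neither MySQL's `#` comment nor `user()`, the constructed payload uses `--` and `sqlite_version()` to show the same UNION mechanics.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the challenge's database (assumption:
    # the real target was MySQL; SQLite is used here so the example runs offline).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE birds (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO birds (name) VALUES (?)", [("robin",), ("sparrow",)])
    return conn


def search_vulnerable(conn, term):
    # Interpolates the user-supplied term straight into the SQL text. The quote in
    # the payload closes the string literal, the UNION appends a second SELECT whose
    # single column lines up with `name`, and the comment swallows the trailing quote.
    sql = f"SELECT name FROM birds WHERE name = '{term}'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    # The same query with a bound parameter: the driver passes the term as a value,
    # so quotes and SQL keywords inside it are just characters to compare against.
    rows = conn.execute("SELECT name FROM birds WHERE name = ?", (term,))
    return [row[0] for row in rows]


# Constructed SQLite equivalent of the writeup's `'UNION SELECT user()#` payload.
PAYLOAD = "' UNION SELECT sqlite_version()--"


def demo():
    """Run both versions against the same payload and a normal search term."""
    conn = make_db()
    return {
        "vulnerable": search_vulnerable(conn, PAYLOAD),        # leaks the server version
        "parameterized": search_parameterized(conn, PAYLOAD),  # no row is named like that
        "normal": search_parameterized(conn, "robin"),         # ordinary search still works
        "version": sqlite3.sqlite_version,                     # what the leak should equal
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```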

I would like to thank the author of this challenge very much, and the TAMU team in general. This task was very educational about one of the strongest vulnerabilities. I hope that my writeup will help everyone who reads it.
