BITS Capture the Flag challenge: “TO BLIND TO SEE”

Ricky kumar
Feb 22, 2024

Introduction

This challenge was introduced by the BITS team at some point during the CTF event. From its title alone, it hinted at the presence of blind web-based vulnerabilities. Consequently, my initial action upon visiting the challenge website was to search for the login pages. This was prompted by the awareness that web-based vulnerabilities, such as blind SQL injection, are often found in login pages.

Within the web application, there was a functionality that redirected the user to the login page. Upon reaching this page, I noticed the presence of two types of logins.

The first one is for users and the second one is for admins.

After testing all the parameters with SQL payloads, I observed that the “username” parameter on the “/yesyoudidit” webpage is vulnerable to Blind SQL injection.

I utilized the tool called SQLmap to extract and dump all the data present in the SQL database.

In the database, I discovered email addresses and corresponding passwords that I could potentially use to log in as users.

After successfully logging in, I was able to retrieve the flag and complete the challenge.
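For the defensive side of the finding described above, here is an added example (not code from the challenge or from this write-up) that puts a login query built by string concatenation beside a parameterized one with salted password hashes, plus a regression check for the true/false oracle that makes blind SQL injection possible. The table names, column names, sample account and iteration count are assumptions made for the example.

```python
import hashlib, hmac, os, sqlite3

def pw_hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (username TEXT, password TEXT)")
    db.execute("INSERT INTO users_plain VALUES ('alice', 'correct-horse')")
    db.execute("CREATE TABLE users_hashed (username TEXT, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
               ("alice", salt, pw_hash("correct-horse", salt)))
    return db

def login_vulnerable(db, username, password):
    # String concatenation: the username value becomes part of the SQL text.
    query = ("SELECT 1 FROM users_plain WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # errors are hidden, so pass/fail is the only signal

def login_hardened(db, username, password):
    # Placeholder binding: the driver passes the value as data, never as SQL.
    row = db.execute("SELECT salt, pw FROM users_hashed WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Only a salted hash is stored, so a dumped table holds no usable password.
    return hmac.compare_digest(row[1], pw_hash(password, row[0]))

def has_boolean_oracle(login, db):
    # Regression check: two usernames that differ only in an embedded boolean
    # condition must give the same outcome. A difference means input reaches
    # the SQL parser and the form answers true/false questions (blind SQLi).
    return (login(db, "alice' AND 1=1 -- ", "x")
            != login(db, "alice' AND 1=2 -- ", "x"))

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login leaks an oracle:", has_boolean_oracle(login_vulnerable, db))
    print("hardened login leaks an oracle:  ", has_boolean_oracle(login_hardened, db))
```

The same paired-input check can run in a test suite against every login handler, so a regression to string-built SQL fails the build.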

Thank you for reading. Happy CTF finding. :)
