Challenge Description

Welcome to our technology store.

Flag format: CTF{message}

Flag Proof

CTF{1nformat1on_sch3ma_c4n_cont41n_us3ful_d4t4}

Summary

Run sqlmap against the search field to get the tables and their contents.

Details

We are greeted with a login panel. Simply trying to use admin for both the username and the password does the trick. We then see a search field:


I tried to search for % and I got a bunch of products:


This means that the search field is vulnerable to SQLi. I took out the big guns (sqlmap) and started snooping around.

sqlmap --cookie="PHPSESSID=1e26617659c222345588048f61040825" \
  --url "http://34.159.12.113:31250/index.php" --forms --columns

I had to set the cookie because otherwise I would’ve been attacking the login form, which I didn’t want.

After running that command, we find the flag scattered around:

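For the defensive side of the search-field behaviour described above, here is an added example (not code from the challenge or from this write-up) that puts a concatenated LIKE query beside a parameterized one with wildcard escaping. The table, the sample rows, the function names and the shape of the flawed query are all assumptions, and SQLite stands in for the store's unknown backend.

```python
import sqlite3

# Constructed sample data; the challenge's real schema is not shown in the write-up.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO products (name) VALUES (?)",
        [("laptop",), ("phone",), ("100% cotton sleeve",), ("men's watch",)],
    )
    return db

def search_vulnerable(db, term):
    # Assumed shape of the flawed query: user input concatenated into the SQL text,
    # so quotes and wildcards typed by the user become part of the statement.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_hardened(db, term):
    # The input is bound as a parameter and its wildcards are made literal.
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    for term in ("%", "men's", "phone"):
        try:
            flawed = search_vulnerable(db, term)
        except sqlite3.OperationalError as exc:
            flawed = "SQL error: %s" % exc
        print(repr(term), "| concatenated:", flawed, "| bound:", search_hardened(db, term))
```

Binding the parameter fixes the query itself; giving the web application's database account access to only the tables it needs limits what a remaining flaw can read.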