
IP Address: 172.25.200.200

Port: 9006

Want to run this Docker container locally?

docker run -d -p 9006:80 --name flag5 --restart always joshbeck2024/ctf-sql-inject-flag-5

- This is an easy challenge

- Points: 20

SQL Injection!

You are greeted by a Secure Email Portal


Exploitation Steps

  1. Identify the Vulnerability: The application takes user input from the email field and uses it directly in a SQL query without sanitization. The backend query likely looks something like this:

    SELECT * FROM code_table WHERE email = '$user_input'
    
  2. Craft the Payload: We want to force the WHERE clause to evaluate to TRUE for every row, regardless of whether the email exists. A classic payload is:

    ' OR '1'='1

     With that input substituted for $user_input, the query becomes:

    SELECT * FROM code_table WHERE email = '' OR '1'='1'
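The same lookup built two ways, as an added example that is not the challenge's own code: string concatenation, which the payload above rewrites, next to a parameterized query, which treats it as a plain value. It assumes an in-memory SQLite database with constructed rows; the `code` column and the function names are hypothetical, and only the table name and `email` column come from the guessed query above.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and email column follow the guessed query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE code_table (email TEXT, code TEXT)")
    db.executemany(
        "INSERT INTO code_table VALUES (?, ?)",
        [("alice@example.com", "code-A"), ("bob@example.com", "code-B")],
    )
    return db


def lookup_vulnerable(db, user_input):
    # Input is spliced into the SQL text, so a quote in it ends the string
    # literal and the rest of the input is parsed as SQL.
    query = "SELECT * FROM code_table WHERE email = '" + user_input + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_input):
    # Input is bound as a value; the SQL text never changes, so the quote
    # characters are just part of the string compared against email.
    query = "SELECT * FROM code_table WHERE email = ?"
    return db.execute(query, (user_input,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("concatenated :", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
    print("legit lookup :", lookup_parameterized(db, "alice@example.com"))
```

With the parameterized form, no row has an email equal to the literal payload text, so the lookup comes back empty while legitimate lookups are unaffected.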
