amon (j. heng)

The Potatosploiter. Pirate of the Seven Proxseas.

CSCAMP CTF 2012 - Web100

less than 1 minute read

This challenge required you to log in as any valid account.

Attempting the standard sql injection login bypass yielded an error:

' or 1=1; --

The error message showed that the escape was a simple prepend “” to any “’” found in the string.

We can work around this by ensuring that the backslash is escaped by another backslash when the filter is applied:

' or 1=1; --

Note: this writeup is incomplete due to missing images.

Share on

Twitter Facebook Google+ LinkedIn

Leave a Comment

You May Also Enjoy

Cyberpeace 2022 - Crysys (Pwn)

5 minute read

Summary: A minimal binary with only the read libc function and containing a standard stack overflow can be exploited by leveraging a common add-what-where ga...

TetCTF 2022 - Newbie (Pwn)

6 minute read

Summary: An ELF binary contains functionality to generate a ‘hashed’ identifier from two bytes of memory at an offset specified by the user. This ‘hashed’ id...

TetCTF 2022 - EzFlag (Web/Pwn)

14 minute read

Summary: In this two part challenge, flawed filename logic allows an attacker to write arbitrary Python files that are executed as a CGI script. Once the att...

Sieberrsec 3.0 CTF (2021) - Turbo Fast Crypto (Crypto/Pwn)

11 minute read

Summary: An insecurely implemented Python native library allows for an attacker to exfiltrate the XOR key used to ‘encrypt’ arbitrary data as well as contain...