CSCAMP CTF 2012 - Web100

less than 1 minute read

This challenge required you to log in as any valid account.

Attempting the standard sql injection login bypass yielded an error:

' or 1=1; --

The error message showed that the escape was a simple prepend “” to any “’” found in the string.

We can work around this by ensuring that the backslash is escaped by another backslash when the filter is applied:

' or 1=1; --

Note: this writeup is incomplete due to missing images.

Leave a Comment