CTFlearn (Capture The Flag) writeups, solutions, code snippets, notes, scripts for beginners: web (easy).
See if you can leak the whole database. The flag is in there somewhere… https://web.ctflearn.com/web4/
There is nothing on the page, so let us move on to the page source.
The source code is quite simple, but notice that the comment contains some names. Pasting them into the box on the page gives useless information, but one can notice that the page is vulnerable to SQL injection, as the name of the level suggests. Now we need to fool the database somehow into displaying all the information stored in it. To alter the query, enter 'OR' 1 '=' 1 in the input field instead of an actual name.
WOW!! It shows all the data, which also contains our flag.
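Why the input returns every row, and how a bound parameter stops it, as an added example that is not part of the original writeup or the challenge's code. The table, column names and rows are constructed, and the input is the one above with its spaces removed, because SQLite (used here so the example runs offline) compares ' 1 ' and ' 1' as different strings.

```python
import sqlite3

# Constructed sample rows; the real challenge schema is not shown on the page.
ROWS = [
    ("alice", "note a"),
    ("bob", "note b"),
    ("hidden", "FLAG{constructed-placeholder}"),
]

# The writeup's input with the spaces removed (see lead-in).
PAYLOAD = "'OR'1'='1"


def make_db():
    """Build an in-memory stand-in for the challenge database (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, data TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?)", ROWS)
    return db


def build_vulnerable_sql(name):
    """Vulnerable pattern: the input is pasted between the quotes of the query."""
    return "SELECT name, data FROM people WHERE name = '" + name + "'"


def lookup_vulnerable(db, name):
    # The input's first quote closes the string literal, so the rest of the
    # input is parsed as SQL: name = '' OR '1' = '1' matches every row.
    return db.execute(build_vulnerable_sql(name)).fetchall()


def lookup_safe(db, name):
    # Hardened form: the input is bound as a value and never parsed as SQL,
    # so it is only ever compared against the name column as one string.
    sql = "SELECT name, data FROM people WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(PAYLOAD))
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("safe:      ", lookup_safe(db, PAYLOAD))
```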
Thanks for your patience, I hope you enjoyed reading. Happy Hacking...