CTFlearn Writeup Web | Easy — Solutions

Jai Gupta
Mar 12, 2020


CTFlearn (Capture The Flag) writeups, solutions, code snippets, notes and scripts for beginners: web (easy).

Basic Injection

See if you can leak the whole database. The flag is in there somewhere… https://web.ctflearn.com/web4/

There is nothing useful on the page itself, so let us move to the page source.

The source code is quite simple, but notice that the comment contains some names. Pasting them into the box on the page gives useless information, but one can notice that the page is vulnerable to SQL injection, as the name of the level suggests. Now we need to fool the database somehow into displaying all the information stored in it. To alter the query, enter 'OR' 1 '=' 1 in the input field instead of an actual name. The quotes break out of the string in the query and the OR condition is always true, so every row matches.

WOW!! It shows all the data, which also contains our flag.

Flag- th4t_is_why_you_n33d_to_sanitiz3_inputs
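Why the input changes the query, and the fix the flag text hints at, shown as an added example that is not part of the original writeup or the challenge's own code. The table, rows and function names are constructed, SQLite stands in for the challenge's database, and the tautology input is written in its compact form.

```python
import sqlite3

# Constructed sample data: table name, columns and rows are assumptions,
# not the challenge's real schema.
ROWS = [
    ("alice", "likes cats"),
    ("bob", "likes dogs"),
    ("hidden", "FLAG_PLACEHOLDER"),
]

# Always-true input of the kind the writeup describes (compact form).
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, data TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, name):
    # The input is pasted into the SQL text, so a quote inside it ends the
    # string literal and the rest is parsed as part of the query.
    query = "SELECT name, data FROM people WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    # The input is bound as a value; it is compared as data and is never
    # parsed as SQL, whatever characters it contains.
    query = "SELECT name, data FROM people WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        for value in ("alice", TAUTOLOGY):
            print(label, repr(value), "->", len(fn(db, value)), "row(s)")
```

With the concatenated query the always-true input returns every row, including the one no name lookup should reach; with the bound parameter it matches nothing, because no row has that literal name.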

Thanks for your patience, I hope you enjoyed reading. Happy Hacking...

Originally published at CTFlearn writeup in my blog page on March 12, 2020.


