PicoCTF - A Happy Union
I really need access to website, but I forgot my password and there is no reset. Can you help? I like lite sql :)
A happy union? It has to do something with union sql injection. Let's firstly check, how bad can we go when registering a new user.
Now, after logging in, we can clearly see the SQL query which is used to take out the data from the database. And yeah, our input isn't sanitized at all, so we're clear to create UNION injection.
Our first step would be creating a query that will tell us names of the tables in the database. Since we know it's sqlite it won't be that hard.
We have to use 2 null columns, since the base query is taking out content of 3 columns, and so we have to in the union query. Dashes in the end will comment out everything afer them, just in case.
Great, we have users table, from which we can now try to get the flag. Here we go with the last query.
User, pass column names? Let's check that out.
Great SQL Injection challenge!