hackburger.ee That's not how you write signup Write Up
2017. 8. 23. 15:24
Written by ch4n3 [at] BoB 6th, team Demon & H3X0R
This challenge is so... easy... (really).
Using a "Column Truncation Attack", you can solve it very easily.
(If you don't know what that is, search for it.)
Think about what happens if you sign up with the username " 'admin' + ' ' * 10000 + 'a' ":
the value is longer than the column, so it gets cut off before the 'a' and the DB takes only 'admin'.
You can get the flag by running this code: https://github.com/chaneyoon/wargames/blob/master/hackburger.ee/That's%20not%20how%20you%20write%20signup/getFlag.py
Good luck.
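Why the signup check fails, and how to fix it, as an added example (this is not the challenge's code or getFlag.py). It is a pure-Python model that assumes a username column 20 characters wide and a MySQL-style non-strict column (silent truncation, trailing spaces ignored when comparing); all function names are made up for the illustration.

```python
# Added example: a pure-Python model of the signup flaw, not the challenge's code.
# Assumptions: a username column of width 20 (COL_WIDTH) and MySQL-like
# non-strict behaviour (silent truncation, trailing spaces ignored on compare).
COL_WIDTH = 20  # assumed column size; the real schema is not shown on the page

def stored_form(value):
    """What a non-strict column keeps: the first COL_WIDTH characters."""
    return value[:COL_WIDTH]

def pad_space_equal(a, b):
    """PAD SPACE style comparison: trailing spaces do not count."""
    return a.rstrip(" ") == b.rstrip(" ")

def exists(table, name):
    return any(pad_space_equal(row, name) for row in table)

def signup_vulnerable(table, name):
    """Checks the raw input, then lets the column truncate it on insert."""
    if exists(table, name):          # compares the full, untruncated input
        return False
    table.append(stored_form(name))  # truncation happens after the check
    return True

def signup_hardened(table, name):
    """Reject oversized or space-padded names, then check what will be stored."""
    if len(name) > COL_WIDTH or name != name.strip():
        return False
    if exists(table, stored_form(name)):
        return False
    table.append(name)
    return True

def accounts_matching(table, name):
    return sum(1 for row in table if pad_space_equal(row, name))

def demo():
    padded = "admin" + " " * 10000 + "a"   # the input from the write-up
    weak, strong = ["admin"], ["admin"]    # constructed tables, one admin each
    weak_ok = signup_vulnerable(weak, padded)
    strong_ok = signup_hardened(strong, padded)
    return (weak_ok, accounts_matching(weak, "admin"),
            strong_ok, accounts_matching(strong, "admin"))

if __name__ == "__main__":
    print(demo())
```

On a real MySQL server the matching fixes are strict SQL mode (over-length inserts raise an error instead of truncating) and a UNIQUE index on the username column.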