SQL FUN 1

Author: Lucian Nitescu
Contest: NeverLAN CTF 2019

Description:

Stats:

75 points

Solution:

On this challenge, I was provided a basic and unrestricted SQL "console" that allowed me to enter any SQL query.

As easy as it may sound, I performed a basic select in order to retrieve the user password. Funny enough the application requires an at least one valid whare cause, so I did that:

• SELECT * FROM users WHERE 1

The flag is: flag{SQL_F0r_Th3_W1n}