We are welcomed with a login page where we can register a new account and log in with it.
After logging in to the application, we received this message:
Hello pwntester. Try to login as 0ops!
The first thing I looked for was SQL injection in the register and login forms. The register form turned out to be injectable, and we can use the "Duplicate entry" technique to dump the DB.
More here: http://www.pwntester.com/blog/2015/03/30/0ctf-2015-mislead-web-300/