Write-Up || Quals: Saudi and Oman CTF 2019 Web Challenges


Welcome Guys,

I will solve the web challenges on the Quals of Saudi and Oman CTF 2019 I will solve it on the video but I will talk about the challenges first.

The First Challenge is Maria it's a Hard one with 200 points, this challenge is a SQL injection challenge the first thing you should found the field which you will inject your payload on it if we try to delete the cookie we will see the SQL query which adds your IP to the database so we will inject the IP to get the information from the DB we need the Maria's IP address so we will dump it and we will see that on the video after that when we add the IP we should add the cookies and we will use the cookies from set-cookie header on the response

The Second Challenge is Back to basics it's an Easy one with 50 points if we try to open the challenge link we will be redirected to Google so we should open it with another way so I used Burp to catch the request but I didn't find anything interesting on the page but when I looked to the response headers I found that the POST, GET, HEAD, OPTIONS is allowed so I tried to change the request method from GET to POST and it shows a JS code when I run it  I got the flag, let's see the video.






Good Luck.

Comments

Popular posts from this blog

HITB2018DXB Pre-Conf CTF | Write up

How to start on web applications security