A hands-on Capture The Flag (CTF) challenge focused on SQL injection vulnerabilities. This application contains multiple deliberately vulnerable endpoints that participants can exploit to extract hidden flags.
This CTF challenge contains four different SQL injection vulnerabilities of increasing complexity:
- Basic UNION-based Injection - Simple SQL injection vulnerability allowing data extraction through UNION queries
- Multi-Column UNION Injection - Advanced SQL injection requiring matching multiple columns in UNION statements
- UNION Injection with WHERE clause - SQL injection in a search feature with filtering mechanisms
- Login Form SQL Injection - Authentication bypass vulnerability in the login system
- Clone this repository
- Build and run the Docker container: `docker-compose up --build`
- Access the application at http://localhost:8080
For each challenge, your goal is to:
- Identify the SQL injection vulnerability
- Exploit the vulnerability to extract the hidden flag
- The flag format is `picoCTF{...}`
- Use `' OR 1=1 --` to test if a field is vulnerable
- Use `' UNION SELECT sqlite_version() --` to verify database type
- List tables with `' UNION SELECT tbl_name FROM sqlite_master WHERE type='table' --`
- Get column information with `' UNION SELECT sql FROM sqlite_master WHERE tbl_name='tablename' --`
- Determine column count with `' ORDER BY 1--`, `' ORDER BY 2--`, etc. until you get an error
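
Why the first two probe strings above behave as they do, and what closes the hole: this is an added example, not code from this repository. It runs each probe against a string-concatenated query and against the same query with bound parameters, on a constructed in-memory SQLite database whose table, column and function names are hypothetical.

```python
import sqlite3

PROBE = "' OR 1=1 --"                                 # probe string from the hints
VERSION_PROBE = "' UNION SELECT sqlite_version() --"  # probe string from the hints

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'correct-horse');
        CREATE TABLE products (name TEXT);
        INSERT INTO products VALUES ('widget');
    """)
    return db

def login_vulnerable(db, username, password):
    # Input is concatenated into the SQL text: a quote in it closes the
    # string literal and the remainder is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders bind input as values, so it is only ever compared as data.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def search_vulnerable(db, term):
    # Same concatenation flaw in a LIKE filter.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # The wildcards are added to the bound value, not to the SQL text.
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("login, concatenated  :", login_vulnerable(db, PROBE, "x"))
    print("login, parameterized :", login_parameterized(db, PROBE, "x"))
    print("search, concatenated :", search_vulnerable(db, VERSION_PROBE))
    print("search, parameterized:", search_parameterized(db, VERSION_PROBE))
```

With bound parameters the probe is treated as an ordinary username or search term that matches nothing, while legitimate input still works.
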
The solutions have been provided. Please check the `solutions.txt` file.