Introduction
This writeup is about the Welcome Admin 1/2 challenge of the France CyberSecurity Challenge 2024. Here is the description of the challenge:
In the heart of a labyrinthine network, where the light of the screens struggles to illuminate the darkest corners, a special request is sent out into the abyss, a discreet call awaited only by those who know the depths. Only a true expert will be able to answer the call, cryptically worded: "An SQL expert is requested at checkout number 3."
Link to the challenge: https://welcome-admin.france-cybersecurity-challenge.fr/
Analysis
When you follow the link, you arrive at a website with a login page.
We can assume the vulnerability is a SQL injection because the challenge statement talks about a SQL expert. As a reminder, SQL injection lets an attacker deliberately interfere with the database in order to access its sensitive information. So now I will try to exploit the vulnerability. First of all, to verify that it really is an injection, I enter an apostrophe in the password field; if an Internal Server Error occurs, that is a good sign.
The apostrophe is a way to find out whether a SQL injection is possible. An unescaped apostrophe closes the string literal that the application opened around the input, so the text after it is parsed as part of the query instead of as data. Now I will try to exploit the vulnerability and display the flag.
Solution
I’ve tested all the most common and popular SQL injections. The ' OR 1=1-- payload triggers the vulnerability and displays the flag.
FLAG:
FCSC{94738150696e2903c924f0079bd95cd8256c648314654f32d6aaa090846a8af5}
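
Why the two inputs above behave as they do, and what fixes it, shown as an added example that is not the challenge's own code. The table, column names, stored password and query shape are assumptions, since the page does not show the server side; SQLite stands in for the real database.

```python
import sqlite3


def make_db():
    # Constructed stand-in database; the challenge's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_vulnerable(db, password):
    # The input is pasted into the SQL text, so a quote in it changes
    # the structure of the statement instead of staying inside the string.
    query = ("SELECT username FROM users "
             f"WHERE username = 'admin' AND password = '{password}'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return "error"  # a web application usually surfaces this as a 500
    return "granted" if row else "denied"


def login_parameterized(db, password):
    # The input is bound as a value; the statement's structure is fixed
    # before the input is seen, so quotes and comment markers are plain data.
    query = ("SELECT username FROM users "
             "WHERE username = 'admin' AND password = ?")
    row = db.execute(query, (password,)).fetchone()
    return "granted" if row else "denied"


def compare(inputs):
    # Run every input through both login functions on the same database.
    db = make_db()
    return {p: (login_vulnerable(db, p), login_parameterized(db, p))
            for p in inputs}


if __name__ == "__main__":
    samples = ["wrong", "'", "' OR 1=1--", "constructed-secret"]
    for value, (vuln, fixed) in compare(samples).items():
        print(f"{value!r:24} vulnerable={vuln:8} parameterized={fixed}")
```

With the concatenated query, the lone apostrophe leaves a string literal unterminated (the error), while the second input makes the WHERE clause read `... AND password = '' OR 1=1`, which is true for every row. The bound-parameter version treats both as wrong passwords.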