Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

12 September 2020 write-up: old-39

Link: old-39
Point: 100
Tag: SQLi

Welcome and welcome back to another webhacking.kr CTF. Today's challenge involves SQLi.


Alright, some unknown query. Time for the source code.


From the source code, I noticed the following

Great, the query is invalid by default, and our main goal is to make it valid. The result doesn't matter. One might suggest that the SQLi payload should look like this (the payload must be your username; it didn't work with a dummy value)


You're so wrong, because the single quote (') will be replaced with two single quotes (''). Fortunately, the substr function, which only keeps the first 15 characters, saves our day. Since we have 6 characters with us, adding 8 more spaces and a quote gives us the following payload:

DesKel        '

The single quote does get replaced with two single quotes, but because of the substr function, the second quote is cut off.
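The ordering bug described above, as an added example that is not from the original post or the challenge's source: a Python model of the two filter steps the write-up names (quote doubling, then a 15-character substr) beside the corrected order. The function names are hypothetical; the first input is the payload from the write-up and the second is constructed.

```python
LIMIT = 15  # the write-up says substr keeps only the first 15 characters


def escape_then_truncate(value: str, limit: int = LIMIT) -> str:
    """Order described in the write-up: double every quote, then cut."""
    return value.replace("'", "''")[:limit]


def truncate_then_escape(value: str, limit: int = LIMIT) -> str:
    """Corrected order: enforce the length first, escape last.
    (A parameterized query removes the need for escaping altogether.)"""
    return value[:limit].replace("'", "''")


def has_unpaired_quote(filtered: str) -> bool:
    """True if any run of quotes has odd length, meaning one quote is not
    escaped and will terminate the surrounding SQL string literal."""
    run = 0
    for ch in filtered + "\0":  # sentinel flushes the final run
        if ch == "'":
            run += 1
        else:
            if run % 2:
                return True
            run = 0
    return False


def compare(value: str) -> dict:
    """Run both orderings on one input and report the filtered strings."""
    weak = escape_then_truncate(value)
    fixed = truncate_then_escape(value)
    return {
        "weak": weak,
        "weak_unpaired": has_unpaired_quote(weak),
        "fixed": fixed,
        "fixed_unpaired": has_unpaired_quote(fixed),
    }


# Payload from the write-up: 6 characters, 8 spaces, one quote (15 total).
WRITEUP_PAYLOAD = "DesKel" + " " * 8 + "'"
# Constructed benign input: the doubled quote stays well inside the limit.
BENIGN = "O'Brien"

if __name__ == "__main__":
    for sample in (WRITEUP_PAYLOAD, BENIGN):
        print(repr(sample), compare(sample))
```

The weak ordering only fails when a doubled pair straddles the length limit, which is why ordinary inputs containing a quote pass through both versions safely.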




© 2020 DesKel