Wednesday, August 29, 2012

Stripe CTF Writeup: Challenge 0

This challenge was fairly simple and required just a passing knowledge of SQL. The key line of the server file is:
var query = 'SELECT * FROM secrets WHERE key LIKE ? || ".%"';
Because of the LIKE syntax, all we have to do is enter a '%' (the SQL wildcard) as the input, and the server will return all of the records in the database. That's all there is to it.
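The wildcard behaviour and one way to close it, as an added example that is not part of the original post or the challenge's server code. It assumes Python's built-in sqlite3 in place of the challenge's server, constructed sample rows, and hypothetical function names; the table and column names follow the query quoted above.

```python
import sqlite3

# Constructed sample rows (not data from the challenge).
ROWS = [
    ("alice.password", "hunter2"),
    ("bob.password", "correct horse"),
    ("carol.api_token", "t0k3n"),
]

# Same shape as the quoted query: the bound value becomes part of a LIKE pattern.
VULNERABLE = "SELECT * FROM secrets WHERE key LIKE ? || '.%'"
# Hardened: declare an escape character so escaped input matches literally.
HARDENED = "SELECT * FROM secrets WHERE key LIKE (? || '.%') ESCAPE '\\'"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE secrets (key TEXT, secret TEXT)")
    db.executemany("INSERT INTO secrets VALUES (?, ?)", ROWS)
    return db


def escape_like(value, esc="\\"):
    """Prefix %, _ and the escape character so LIKE treats them as literals."""
    return "".join(esc + c if c in ("%", "_", esc) else c for c in value)


def lookup_vulnerable(db, namespace):
    # Binding the parameter stops SQL injection, but not pattern injection.
    return db.execute(VULNERABLE, (namespace,)).fetchall()


def lookup_hardened(db, namespace):
    return db.execute(HARDENED, (escape_like(namespace),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "%", "a_ice"):
        print(repr(value), "vulnerable:", len(lookup_vulnerable(db, value)),
              "hardened:", len(lookup_hardened(db, value)))
```

The parameter placeholder is doing its job in both queries; the difference is only whether `%` and `_` in the input keep their pattern meaning.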

-- suntzu_II
