From 6ecc9454710a70fbfc6e2578e2c0d0aa1772fd69 Mon Sep 17 00:00:00 2001
From: dududum561 <atharva.nagarkar@yahoo.com>
Date: Wed, 15 Mar 2017 14:45:51 +0000
Subject: [PATCH] injection2 added to problems

---
 injection2/description.md | 1 +
 injection2/grader.py      | 4 ++++
 injection2/problem.yml    | 7 +++++++
 3 files changed, 12 insertions(+)
 create mode 100644 injection2/description.md
 create mode 100644 injection2/grader.py
 create mode 100644 injection2/problem.yml

diff --git a/injection2/description.md b/injection2/description.md
new file mode 100644
index 0000000..5bd1e59
--- /dev/null
+++ b/injection2/description.md
@@ -0,0 +1 @@
+I've told my friend a billion times that the user called `leet1337` doesn't exist on this [website](http://injection2.web.easyctf.com), but he won't listen. Could you please login as this user, even though it doesn't exist in the database? Oh and also, make sure that the user has a power level over 9000!!!!
\ No newline at end of file
diff --git a/injection2/grader.py b/injection2/grader.py
new file mode 100644
index 0000000..1e1ad00
--- /dev/null
+++ b/injection2/grader.py
@@ -0,0 +1,4 @@
+def grade(autogen, key):
+    if key.find("reUNI0Ns_are_alw4ys_s0_em0t1onal") != -1:
+        return True, "Nice 1337 heccker skillz!"
+    return False, "Nah. Keep trying though."
diff --git a/injection2/problem.yml b/injection2/problem.yml
new file mode 100644
index 0000000..f07071e
--- /dev/null
+++ b/injection2/problem.yml
@@ -0,0 +1,7 @@
+author: dududum561 & mzhang
+title: SQL Injection 2
+hint: The columns in the table are (not in order) username, password, power_level, and a unique id.
+category: Web
+autogen: false
+programming: false
+value: 150