From 6ecc9454710a70fbfc6e2578e2c0d0aa1772fd69 Mon Sep 17 00:00:00 2001 From: dududum561 Date: Wed, 15 Mar 2017 14:45:51 +0000 Subject: [PATCH] injection2 added to problems --- injection2/description.md | 1 + injection2/grader.py | 4 ++++ injection2/problem.yml | 7 +++++++ 3 files changed, 12 insertions(+) create mode 100644 injection2/description.md create mode 100644 injection2/grader.py create mode 100644 injection2/problem.yml diff --git a/injection2/description.md b/injection2/description.md new file mode 100644 index 0000000..5bd1e59 --- /dev/null +++ b/injection2/description.md @@ -0,0 +1 @@ +I've told my friend a billion times that the user called `leet1337` doesn't exist on this [website](http://injection2.web.easyctf.com), but he won't listen. Could you please login as this user, even though it doesn't exist in the database? Oh and also, make sure that the user has a power level over 9000!!!! \ No newline at end of file diff --git a/injection2/grader.py b/injection2/grader.py new file mode 100644 index 0000000..1e1ad00 --- /dev/null +++ b/injection2/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, key): + if key.find("reUNI0Ns_are_alw4ys_s0_em0t1onal") != -1: + return True, "Nice 1337 heccker skillz!" + return False, "Nah. Keep trying though." diff --git a/injection2/problem.yml b/injection2/problem.yml new file mode 100644 index 0000000..f07071e --- /dev/null +++ b/injection2/problem.yml @@ -0,0 +1,7 @@ +author: dududum561 & mzhang +title: SQL Injection 2 +hint: The columns in the table are (not in order) username, password, power_level, and a unique id. +category: Web +autogen: false +programming: false +value: 150