From d3ab90ea5b1de76972bfbe16fae9901718a9dd2f Mon Sep 17 00:00:00 2001
From: Michael Zhang <failed.down@gmail.com>
Date: Sat, 11 Mar 2017 01:24:22 -0600
Subject: [PATCH] Add injection1.

---
 injection1/description.md | 1 +
 injection1/grader.py      | 4 ++++
 injection1/problem.yml    | 7 +++++++
 3 files changed, 12 insertions(+)
 create mode 100644 injection1/description.md
 create mode 100644 injection1/grader.py
 create mode 100644 injection1/problem.yml

diff --git a/injection1/description.md b/injection1/description.md
new file mode 100644
index 0000000..515a1bf
--- /dev/null
+++ b/injection1/description.md
@@ -0,0 +1 @@
+I need help logging into this [website](https://injection1.web.easyctf.com) to get my flag! If it helps, my username is `admin`.
\ No newline at end of file
diff --git a/injection1/grader.py b/injection1/grader.py
new file mode 100644
index 0000000..e05ce83
--- /dev/null
+++ b/injection1/grader.py
@@ -0,0 +1,4 @@
+def grade(autogen, key):
+    if key.find("a_prepared_statement_a_day_keeps_the_d0ctor_away!") != -1:
+        return True, "You got it!"
+    return False, "Nope. Keep poking around."
diff --git a/injection1/problem.yml b/injection1/problem.yml
new file mode 100644
index 0000000..22c9b0a
--- /dev/null
+++ b/injection1/problem.yml
@@ -0,0 +1,7 @@
+author: mzhang
+title: SQL Injection 1
+hint: What does "injection" mean? How can you "inject" code into your username to control the username lookup?
+category: Web
+autogen: false
+programming: false
+value: 100