From d3ab90ea5b1de76972bfbe16fae9901718a9dd2f Mon Sep 17 00:00:00 2001 From: Michael Zhang Date: Sat, 11 Mar 2017 01:24:22 -0600 Subject: [PATCH] Add injection1. --- injection1/description.md | 1 + injection1/grader.py | 4 ++++ injection1/problem.yml | 7 +++++++ 3 files changed, 12 insertions(+) create mode 100644 injection1/description.md create mode 100644 injection1/grader.py create mode 100644 injection1/problem.yml diff --git a/injection1/description.md b/injection1/description.md new file mode 100644 index 0000000..515a1bf --- /dev/null +++ b/injection1/description.md @@ -0,0 +1 @@ +I need help logging into this [website](https://injection1.web.easyctf.com) to get my flag! If it helps, my username is `admin`. \ No newline at end of file diff --git a/injection1/grader.py b/injection1/grader.py new file mode 100644 index 0000000..e05ce83 --- /dev/null +++ b/injection1/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, key): + if key.find("a_prepared_statement_a_day_keeps_the_d0ctor_away!") != -1: + return True, "You got it!" + return False, "Nope. Keep poking around." diff --git a/injection1/problem.yml b/injection1/problem.yml new file mode 100644 index 0000000..22c9b0a --- /dev/null +++ b/injection1/problem.yml @@ -0,0 +1,7 @@ +author: mzhang +title: SQL Injection 1 +hint: What does "injection" mean? How can you "inject" code into your username to control the username lookup? +category: Web +autogen: false +programming: false +value: 100