Image of NeverLAN CTF 2019


Solution Author:

Lucian Nitescu, as part of jmp 0xc0ffee team.


On this challenge, I was provided a basic and unrestricted SQL "console" that allowed me to enter any SQL query.

As easy as it may sound, I performed a basic select in order to retrieve the user password. Funny enough the application requires an at least one valid whare cause, so I did that:

  • SELECT * FROM users WHERE 1

The flag is: flag{SQL_F0r_Th3_W1n}