Cookie Consent by

DarkCTF 2020: Web/Agent-U

DarkCTF 2020: Web/Agent-U


395 points

Agent U stole a database from my company but I don't know which one. Can u help me to find it?

flag format darkCTF{databasename}


From the source we can get info, that default credentials are admin/admin.

Site after login shows my user agent, so my first idea was to perform sql injection through my user agent.

After few attempts I ended up finally with below user agent setup ;-)

', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) FROM information_schema.schemata LIMIT 1,1))), NULL); -- .