Web/Apache Logs
113 points
Our servers were compromised!! Can you figure out which technique they used by looking at Apache access logs.
flag format: DarkCTF{}
Files
Solution
Found interesting request in given logs:
Decoded the request into:
http://192.168.32.134/mutillidae/index.php?page=user-info.php&username=‘+union+all+select+1,String.fromCharCode(102,+108,+97,+103,+32,+105,+115,+32,+68,+97,+114,+107,+67,+84,+70,+123,+53,+113,+108,+95,+49,+110,+106,+51,+99,+116,+49,+48,+110,+125),3+—+&password=&user-info-php-submit-button=View+Account+Details
Then combined the charcodes into the flag:
DarkCTF{5ql_1nj3ct10n}