CrossCTF_2018: Baby Web
Category: Web Points: 159 Description:
It is all in the challenge. http://ctf.pwn.sg:8180 *Creator - quanyang (@quanyang)
This challenge was also relatively simple, utilizing either
\n to act as a field seperator for SQL. This would result in the
explode(" ") function not sanitizing the query. With this, we can build our search query to union select the flag from the users column.
%' UNION SELECT flag FROM users;#--
Therefore, the flag is