Micro CMS V2

CHALLENGE HINT

Flag2

We should try some sqlmap by saving our POST to a file named req and run the command

sqlmap -r req --dump --batch

Flag0

After reading the hints, we know that we need to use SQL Injectiion with UNION, we got the table name from the Flag2.

' UNION SELECT '123' AS password FROM admins WHERE '1' = '1

And then password = 123, we got the flag

Flag1

By accident, I access the /page/edit/2 by POST method, so we get the flag.