Micro CMS V2
Micro CMS V2
CHALLENGE HINT
Flag2
We should try some sqlmap by saving our POST to a file named req and run the command
1
sqlmap -r req --dump --batch
Flag0
After reading the hints, we know that we need to use SQL Injectiion with UNION, we got the table name from the Flag2.
1
' UNION SELECT '123' AS password FROM admins WHERE '1' = '1
And then password = 123, we got the flag
Flag1
By accident, I access the /page/edit/2 by POST method, so we get the flag.