DerbyConCTF Flags: PurpleMooCow

November 19, 2014 — Leave a comment

PurpleMooCow was the final flag (I found) of the competition, worth 500 points.

Following up on the exploit from the previous flag I found, I thought there might be more here to exploit in the way of SQL injection:

Screenshot from 2014-09-27 17_46_13Again I went with the tried-and-true ' or '1'='1 combo which yielded this flag:

Screenshot from 2014-09-27 17_46_48

I decided after finding this flag to hang it up on a high note and gracefully exit the competition with the slim 1190 points I had accumulated to this point.  There’s always next year…

Aaron Melton


No Comments

Be the first to start the conversation.

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>