why2025-CTF

I’m trying to play the international CTF. I will record this WP in ENGLISH! It’s modified by GPT.

Planets

Description: I just started programming and created my first website, an overview of all the planets in our solar system. Can you check if I didn’t leave any security issues in it?

For this challenge, you’ll only find the descriptions of eight planets in our solar system.

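  • View the source code:

    // The browser sends a complete SQL statement to the server in the POST body.
    fetch("/api.php", {
      method: "POST",
      body: "query=SELECT * FROM planets",
      // (rest of the call is not shown in this excerpt)
    });
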
  • Visiting the page without parameters returns “No query found!”

  • Use Burp Suite to send the request as a POST.

  • Get the schema_name, table_name, and field_name. Finally, don’t forget to extract the full data with: query=SELECT * FROM abandoned_planets. I almost forgot: don’t waste time trying load_file for the flag or other complex tricks.
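
Why one POST is enough, and what the fix looks like, as an added example (not code from the challenge or from this write-up). The real backend is not shown on the page, so this sketch assumes Python with in-memory SQLite as a stand-in; the function names, the `action`/`name` parameters and the table contents are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed sample data; the real challenge tables are not shown on the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE planets (name TEXT, description TEXT);
        CREATE TABLE abandoned_planets (name TEXT, description TEXT);
        INSERT INTO planets VALUES ('Earth', 'Third planet'), ('Mars', 'Fourth planet');
        INSERT INTO abandoned_planets VALUES ('Pluto', 'PLACEHOLDER_SECRET');
    """)
    return db

def vulnerable_api(db, body):
    """Runs whatever SQL the client posts, like the query= parameter above."""
    params = parse_qs(body)
    if "query" not in params:
        return "No query found!"
    return db.execute(params["query"][0]).fetchall()

# Hardened design: the client only names an action; the SQL text stays on the server.
ACTIONS = {
    "list": ("SELECT name, description FROM planets", ()),
    "get": ("SELECT name, description FROM planets WHERE name = ?", ("name",)),
}

def hardened_api(db, body):
    """Maps an allow-listed action to a fixed, parameterized statement."""
    params = parse_qs(body)
    action = params.get("action", [""])[0]
    if action not in ACTIONS:
        return "Unknown action"
    sql, arg_names = ACTIONS[action]
    try:
        args = [params[n][0] for n in arg_names]
    except KeyError:
        return "Missing parameter"
    # Client values are bound as parameters, never concatenated into the SQL.
    return db.execute(sql, args).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(vulnerable_api(db, "query=SELECT * FROM abandoned_planets"))
    print(hardened_api(db, "query=SELECT * FROM abandoned_planets"))
    print(hardened_api(db, "action=get&name=Mars"))
```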