BUUCTF-WEB(1)
sql-md5-injection-[BJDCTF2020]Easy MD5
By capturing packets, we can find the hint in the message.
Combining "md5" functions with select statements can cause "md5 injection" vulnerabilities. We can construct the string like "'or something" to form a universal password. A payload is "fifdyop", md5 encrypted is "276f722736c95d99e921722cf9ed621c", convert to a string which is "or'6\xc9]\x99\xe9!r,\xf9\xedb\x1c"
The next problem-solving process is very simple.