The After Prequal - Securinets Quals 2k20

The after-Prequal (971pts) (19 Solves)


This task was so fun and i learned new things from it , we are given a website with a search functionality and after testing a single quote injection we had an SQL error , so let’s start the exploitation of the famous SQL injection :D


After the basic enumeration we can notice that these characters are filtered : [” “,"-",","] so we will use the following bypasses:

  1. The white space : %0A
  2. The “-” : we will use # to comment
  3. The “,” : we will use join to bypass it

This step took me some time , after some tries i succeeded in equilibrating the query :



And BINGO ! we succeeded to inject , all we have to do know is to dump the database as usual

  1. Tables:


Table name: secrets


  1. Columns:


The interesting Column name : value


And finally :



Damn no flag for us :'( but no problem maybe if we just do load_file(“flag.txt”) we will have the flag ? unfortunately it wont work, in fact it’s not that easy and this is the most juicy part of the task xd i checked the privileges of the current user and the FILE permission was not grantable ! wtf , this result was unpredictable for me so i started digging in mysql file permissions docs until i found this :D


To limit the location in which files can be read and written, set the secure_file_priv system variable to a specific directory. See Section 5.1.8, “Server System Variables”.

So probably the author have set a custom location in the global variable secure_file_priv , let’s check its value in @@GLOBAL.secure_file_priv



BINGOOO ! so let’s have our flag now :


FLAG : Securinets{SecuR3_YourSQL!} , I have enjoyed this task and learned a lot about mysql privileges from it , thank you @bibiwars or should i call you @nox xD If you enjoyed the writeup share it with your friends and don’t hesitate to ask me on twitter @BelkahlaAhmed1 :D

Belkahla Ahmed
Belkahla Ahmed
Cybersecurity Enthusiast - CTF Player @ Fword

Pentester, Security Enthusiast from Tunisia, I enjoy playing in hacking and pentesting competitions,i skip classes to play CTF.