{"id":24444470,"url":"https://github.com/kallsyms/wtf_sql","last_synced_at":"2026-03-27T07:44:56.230Z","repository":{"id":126442002,"uuid":"120712568","full_name":"kallsyms/wtf_sql","owner":"kallsyms","description":"It's like wtf.sh, but in SQL!","archived":false,"fork":false,"pushed_at":"2018-09-17T20:26:11.000Z","size":632,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-20T22:55:37.798Z","etag":null,"topics":["dumb","sql","wtf"],"latest_commit_sha":null,"homepage":null,"language":"SQLPL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kallsyms.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-08T04:51:51.000Z","updated_at":"2023-09-08T17:36:22.000Z","dependencies_parsed_at":"2023-06-16T20:13:31.397Z","dependency_job_id":null,"html_url":"https://github.com/kallsyms/wtf_sql","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kallsyms%2Fwtf_sql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kallsyms%2Fwtf_sql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kallsyms%2Fwtf_sql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kallsyms%2Fwtf_sql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kallsyms","download_url":"https://codeload.github.com/kallsyms/wtf_sql/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243521281,"owners_count":20304186,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dumb","sql","wtf"],"created_at":"2025-01-20T22:52:05.879Z","updated_at":"2025-12-28T17:28:34.374Z","avatar_url":"https://github.com/kallsyms.png","language":"SQLPL","readme":"# WTF.SQL\n\nDescription: (see crawl.txt)\nPoints: 500\nCategory: Web\nFlag: `flag{b3tter_th@n_th3_prequels}`\n\nSolve:\n1. robots.txt -\u003e find all routes\n1. use verifier route to leak source for all routes, subroutines\n1. Template injection\n    * can't use `${config_signing_key}` in post directly since it's blacklisted\n    * recursive template expansion allows use of `${GET_asdf}`\n    * if `?asdf=${config_signing_key}` then it will get interpolated again leaking secret\n1. secret is used to sign cookies\n1. allows you to change `is_admin`\n1. get to admin panel, need to add privileges\n1. HLE to add `panel_view` and `panel_create` privs, giving you arbitrary db.table read\n1. ggwp\n\nFormatting notes:\n* Types\n    * Routes should be VARCHAR(255)\n    * header, cookie, template, etc. keys should be VARCHAR(255)\n    * header, cookie, template, etc. values should be TEXT\n    * response is TEXT\n* Naming\n    * k/v pairs are always `name` `value` (to add to the confusion)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkallsyms%2Fwtf_sql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkallsyms%2Fwtf_sql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkallsyms%2Fwtf_sql/lists"}