Update main.go

main.go

@@ -86,24 +86,19 @@ func main() {
 		username := r.FormValue("username")
 		password := r.FormValue("password")
 
-		// --- CHALLENGE PART 1: HEADER CHECK ---
-		// The student must read the code to realize they need to change their User-Agent.
+		
 		ua := r.Header.Get("User-Agent")
 		if ua != "Secure-CTF-Browser/1.0" {
 			http.Error(w, "Security Alert: Browser not authorized. Please use 'Secure-CTF-Browser/1.0'", http.StatusForbidden)
 			return
 		}
 
-		// --- CHALLENGE PART 2: THE TRAP ---
-		// We explicitly block "admin" to prevent simple brute forcing. 
-		// They must use SQL injection to select the admin row *without* sending "admin" as the username string.
+		
 		if username == "admin" {
 			http.Error(w, "Direct login as 'admin' is disabled for security reasons.", http.StatusForbidden)
 			return
 		}
 
-		// --- CHALLENGE PART 3: THE WAF (Input Filtering) ---
-		// We block spaces. The student must use SQL comments (/**/) or tabs to bypass this.
 		if strings.Contains(username, " ") || strings.Contains(password, " ") {
 			http.Error(w, "WAF Detection: Spaces are not allowed in input fields.", http.StatusBadRequest)
 			return
@@ -117,14 +112,13 @@ func main() {
 		}
 		defer db.Close()
 
-		// --- THE VULNERABILITY ---
-		// Still using fmt.Sprintf, but now the input is heavily restricted by the checks above.
+		
 		query := fmt.Sprintf("SELECT id, username, flag FROM users WHERE username = '%s' AND password = '%s'", username, password)
 		
 		log.Printf("Executing Query: %s\n", query)
 
 		var user User
-		// QueryRow returns the first matching row. If they inject ' OR '1'='1, it will return the first user in the DB (Admin).
+		
 		err = db.QueryRow(query).Scan(&user.ID, &user.Username, &user.Flag)
 
 		if err != nil {
@@ -137,7 +131,7 @@ func main() {
 			return
 		}
 
-		// Success
+		
 		w.WriteHeader(http.StatusOK)
 		fmt.Fprintf(w, `
 			<div style="font-family: monospace; background: #111; color: #4ade80; padding: 20px; text-align: center;">