Irish-Name-Repo1

Point: 300

Question

There is a website running at (link) or . Do you think you can log us in? Try to see if you can login!

There doesn't seem to be many ways to interact with this, I wonder if the users are kept in a database?

Try to think about how does the website verify your login?

This is a SQL injection vuln.

Username:       ' OR 'A' = 'A' -- 
or another one: ' OR 1 --

Then click to Login button to see the flag

picoCTF{s0m3_SQL_a57b0b1d}

Last updated 4 years ago