Wei's

PicoCTF - SQLiLite

22 Sep 2022 picoCTF 

Challenge

Tags

PicoCTF 2022 / Web Exploitation / sql

Description

Can you login to this website?

Writeup

  1. Launch instance.
  2. Login with random username and password. I use admin as username and xx as password. remix
  3. Now we know the SQL query command, we can use SQL Injection to exploit it.
  4. Use OR 1=1--' as username and password to login again. remix
  5. The flag is hidden. So inspect elements to find it. remix
  6. Here’s flag: picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21} ٩(^ᴗ^)۶

Related posts

Archive

solidity picoCTF Go ethernaut linux leetcode blockchain array sql react leetcode-top-interview medium typescript smart-contract two-pointer solana javascript java ethereum easy css Linux zsh ubuntu next.js jekyll http hardhat golang ethers docker Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html go github git geth filesystem express eslint cloudflare Vim DSA