Wei's

PicoCTF - SQLiLite

22 Sep 2022 picoCTF 

Challenge

Tags

PicoCTF 2022 / Web Exploitation / sql

Description

Can you login to this website?

Writeup

  1. Launch instance.
  2. Login with random username and password. I use admin as username and xx as password. remix
  3. Now we know the SQL query command, we can use SQL Injection to exploit it.
  4. Use OR 1=1--' as username and password to login again. remix
  5. The flag is hidden. So inspect elements to find it. remix
  6. Here’s flag: picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21} ٩(^ᴗ^)۶

Related posts

Archive

solidity picoCTF Go ethernaut linux leetcode blockchain sql react leetcode-top-interview array medium typescript smart-contract solana javascript java ethereum easy css Linux zsh ubuntu two-pointer next.js jekyll http hardhat golang ethers Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA