PicoCTF - SQLiLite



Challenge

Tags

PicoCTF 2022 / Web Exploitation / sql

Description

Can you login to this website?

Writeup

  1. Launch instance.
  2. Log in with a random username and password. I used admin as the username and xx as the password.
  3. Now that we know the SQL query, we can use SQL injection to exploit it.
  4. Use OR 1=1--' as both the username and the password to log in again.
  5. The flag is hidden, so inspect the page elements to find it.
  6. Here's the flag: picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21} ٩(^ᴗ^)۶
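
The input from step 4 works because the login form's values are concatenated into the SQL text. The added example below (not the challenge's code) reproduces that against an in-memory SQLite table and contrasts it with a parameterized query. The table layout, the query shape and the function names are assumptions, since the page does not reproduce the query.

```python
import sqlite3

def make_db():
    # Constructed sample data; the challenge's real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # Assumed query shape: input is pasted into the SQL text, so a quote
    # character in either field changes where string literals begin and end.
    sql = ("SELECT username FROM users WHERE username='%s' AND password='%s'"
           % (username, password))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_safe(db, username, password):
    # Placeholders bind the input as data: it is compared literally and
    # never parsed as part of the statement.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    step4 = "OR 1=1--'"  # the string from step 4, used in both fields
    for user, pw in [("admin", "xx"), (step4, step4)]:
        print(repr(user), "vulnerable:", login_vulnerable(db, user, pw),
              "parameterized:", login_safe(db, user, pw))
```

With the concatenated query, the trailing quote in the username is read as an escaped quote, so the string literal runs on until the quote that opens the password field; what remains is `OR 1=1` followed by a comment. The parameterized version rejects the same input because no row has that literal username.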