picoCTF 2022 | SQLiLite Write-up

Challenge description

Can you login to this website?

Category: Web Exploitation

Solution

An unexpectedly fast challenge for me, which was admittedly rather anticlimactic.

Regardless, we begin the challenge by launching the instance and visiting the website.

We are presented with a login form. The challenge’s hint says that we want to be logged in as admin. That leaves the password. Since the challenge obviously has something to do with SQL, I tried the most basic SQL injection test by inputting `' or 1=1 --` into the password box and then hitting enter.

And that was it!

This seems to be a hint about inspecting the page’s source.

Bingo
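Why the input quoted above gets past the login, and what the fix looks like, as an added example that is not part of the original write-up or the challenge's code. The `users` table, its columns, the handler names and the sample password are all assumptions; the write-up does not show the server-side query.

```python
import sqlite3

def make_db():
    """In-memory SQLite database with one constructed account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real application would store a password hash.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-sample-secret')")
    return db

def login_vulnerable(db, username, password):
    """Hypothetical handler that builds the query by string concatenation."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    # With the write-up's input the WHERE clause becomes
    #   username = 'admin' AND password = '' or 1=1 --'
    # AND binds tighter than OR, so "or 1=1" makes every row match and
    # "--" comments out the trailing quote.
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Same check with bound parameters: the input is data, never SQL text."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(query, (username, password)).fetchone()
    return row[0] if row else None

def breaks_on_quote(login_fn, db):
    """Regression check: does a lone quote in the password reach the SQL parser?"""
    try:
        login_fn(db, "admin", "'")
    except sqlite3.OperationalError:
        return True   # input changed the statement's syntax
    return False      # input was treated as a plain value

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # the input quoted in the write-up
    print("concatenated :", login_vulnerable(db, "admin", payload))
    print("parameterized:", login_parameterized(db, "admin", payload))
    print("quote breaks concatenated :", breaks_on_quote(login_vulnerable, db))
    print("quote breaks parameterized:", breaks_on_quote(login_parameterized, db))
```
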
