picoCTF 2022 | SQLiLite Write-up

Challenge description

Can you login to this website?

Category: Web Exploitation


An unexpectedly fast challenge for me, which was admittedly rather anti-climatic.

Regardless, we begin the challenge by launching the instance and visiting the website.

We are presented with a login form. The challenge’s hint says that we want to be logged in as admin. That leaves the password. Since the challenge obviously has something to do with SQL, I tried the most basic SQL injection test by inputting `' or 1=1 --‘ into the password box and then hitting enter.

And that was it!

This seems to be a hint about inspecting the page’s source.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: