Points: 200
Web Exploitation
There is a website running at http://2018shell1.picoctf.com:59464 (link) . Do you think you can log us in? Try to see if you can login!
There doesn't seem to be many ways to interact with this, I wonder if the users are kept in a database?
looking at the support section of the site, it can be seen that the site uses SQL to store data,this could mean that it is vulnerable to SQL injections
Cannot add name
Hi. I tried adding my favorite Irish person, Conan O'Brien. But I keep getting something called a SQL Error
That's because Conan O'Brien is American.
Admin
going to the login section of the site, it is seen that it accepts a username and password
Log In
Username:
Password:
Using the username ' OR '1'='1' --, we get the flag.
Logged in!
Your flag is: picoCTF{con4n_r3411y_1snt_1r1sh_d121ca0b}
Working solution solve.py
picoCTF{con4n_r3411y_1snt_1r1sh_d121ca0b}