Tags: sqlinjection 


Problem Statement (200 points):

There is a website running at http://2018shell2.picoctf.com:28402 (link). Do you think you can log us in? Try to see if you can login!

Tags : Sql injection


In this we have to log in as admin.Opening the link leads to a website having photos of people.on side menu there is admin login option.On opening the login page we have to login with username admin but don't know the password so i tried the basic sql injection('or'1'='1) and then i was awarded with flag :

Your flag is: picoCTF{con4n_r3411y_1snt_1r1sh_f58843c5}

Original writeup (https://github.com/d4rkvaibhav/PICOCTF-2018/tree/master/WEB_EXPLOITATION/IRISH%20NAME%20REPO).