Tags: web 

Rating:

## PwnQL #2 - WEB

![task](task.png)

Already got ```login.php``` from PwnQL #1

Just check for the length of admin password by passing strings containing only ```_```
Got a hit at 10!

Now run the [exploit](exploit.py)

Original writeup (https://github.com/anuragnitt/CTF-Writeups/tree/master/HeroCTF%20v3/Web/PwnQL%202).