Tags: sql_injection authentication sqlinjection sql-injection sqli 


During the Vishwa CTF challenge, the author set out to break into a website. From the start, the premise was that the challenge author had forgotten his credentials and needed help finding the right ones.

The challenge was trivial and did not take much time: the whole task was to enter the correct SQL injection payload in the login form. After several attempts, the author broke the login using the payload `'1 or'1'='1`, and a flag was received.

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
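The following is an added example, not code from the challenge or the write-up: it contrasts a login check built by string concatenation with a parameterized one. The challenge's backend query is not shown on the page, so the SQLite table, query and credentials are constructed; in this particular query the write-up's payload is parsed as SQL and raises a syntax error rather than logging in, which is the same flaw seen from the defender's side.

```python
import sqlite3

# Constructed sample data: the challenge's real schema and query are not on the page.
# Plaintext passwords keep the example short; real systems store salted hashes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("bob", "it's-me")])
    return db

def login_concat(db, username, password):
    """Vulnerable form: user input is spliced into the SQL text."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "denied"
    except sqlite3.Error:
        # The input changed the statement's syntax, so it was parsed as SQL.
        return "sql-error"

def login_param(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return "ok" if db.execute(sql, (username, password)).fetchone() else "denied"

PAYLOAD = "'1 or'1'='1"  # the string quoted in the write-up

if __name__ == "__main__":
    db = make_db()
    cases = [("admin", "s3cret"), ("admin", PAYLOAD), ("bob", "it's-me")]
    for name, pw in cases:
        print(name, repr(pw),
              "concat:", login_concat(db, name, pw),
              "param:", login_param(db, name, pw))
```

A `sql-error` result from the concatenated version is a useful detection signal: database syntax errors triggered by login input mean user data is reaching the SQL parser, even when a given string does not log anyone in.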