picoCTF 2022: SQLiLite

Author: Mubarak Mikail

Category: Web Exploitation, Score: 300, Solved

Description

Can you login to this website?

You'll need to start an instance.

Hints

Hint 1: admin is the user you want to log in as.

Summary

This challenge can be solved using SQL injection. To log in, we first try some username and password to see what happens.
The login fails and we get a look at the SQL query. Now we can think of a way to get a SQL injection, something like ' OR 1=1--.

Explanation: ' closes the quoted input, OR 1=1 adds a condition that is always true, and -- starts a comment, so everything after it is ignored.

As soon as you see the text "Logged in! But can you see the flag, it is in plainsight.", you've got it. To see the flag, just have a look at the HTML source; it's hidden there.

Flag

picoCTF{L00k5_l1k3_y0u_solv3d_it_147ec287}