lifeofal3af@home:~$

picoCTF SQLiLite (medium) (web) Challenge

Hey there!

Today, I tackled the picoCTF SQLiLite medium web challenge. Here’s a step-by-step breakdown of how I solved it:

Initial Screen

We are greeted with the following screen:

[Screenshot: Initial Screen]

Login Failed Screen

Entering random nonsense brings us to this screen with a “Login Failed” footer and the SQL query used to check if the username and password are in the database:

[Screenshot: Login Failed Screen]

SQL Injection

With the SQL query visible, we can craft a simple SQL injection in the username field. This cancels out the rest of the query, so the check passes and we gain access:

[Screenshot: SQL Injection]
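Why this kind of login check fails, and the fix, as an added example that is not part of the original post or the challenge's code: a query built by string formatting next to the same query with bound parameters. The table, column names, credentials and the username input are constructed for illustration and are not the challenge's real query or values.

```python
import sqlite3


def make_db():
    # Constructed in-memory table; not the challenge's real schema or data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text. A quote in the input ends the
    # string literal, and whatever follows is parsed as SQL, not as data.
    query = ("SELECT * FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    found = db.execute(query).fetchone() is not None
    # Returning the query mirrors the page echoing it on "Login Failed",
    # which tells the visitor exactly how their input is embedded.
    return found, query


def login_parameterized(db, username, password):
    # Placeholders keep the SQL text fixed; the driver binds the inputs as
    # values, so quotes and comment markers in them stay plain characters.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Constructed input: closes the username literal, then starts a SQL
    # comment so the password comparison is never evaluated.
    crafted = "admin' --"
    ok, query = login_vulnerable(db, crafted, "anything")
    print("vulnerable   :", ok, "|", query)
    print("parameterized:", login_parameterized(db, crafted, "anything"))
    print("real login   :",
          login_parameterized(db, "admin", "constructed-secret"))
```

The hardened version should also stop echoing the executed query back to the user on a failed login.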

Logged In Screen

This brings us to the logged-in screen with the text “Logged in! You can see the flag, it is in plain sight”:

[Screenshot: Logged In Screen]

Viewing the Source

By right-clicking on the page and selecting “View Page Source,” we can see the flag:

[Screenshot: View Page Source]

The Flag

The flag is: picoCTF{L00k5_l1k3_y0u_solv3d_it_ec8a64c7}

Sorry if this writeup is short today. I will post more today, InshaAllah.