If we log in with the credentials from Entrypoint, we can see a list of users.
One of these is called "loginToGetFlag", so we'll try to log into this one.
"loginToGetFlag"
We get a SQL error if we put a ' so we can try SQL Injection payloads.
We can use the payload:
loginToGetFlag' --
to log into this user - and we get the flag.
Last updated 5 years ago
Was this helpful?
