In this challenge we are given a basic website and are asked to bypass the admin login:
Let's go to the admin login page:
We are greeted with a login page:
I went to Inspect Element by right-clicking the webpage. We can see the source code in the Elements tab. We see there is a hidden debug feature with its value set to 0. I change it to 1 and enter 'admin' as the password:
Here we can see that 'admin' changes to 'nqzva'. We find a shift value of 13 between these two, which suggests to me that it was a ROT13 cipher.
I head over to Cryptii and choose to encode a simple SQL injection payload that I intend to use: ' or 1=1; -- . We get the ciphertext as ' be 1=1; --
I use that ciphertext to bypass the login and there we have our flag:
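Why the ROT13 step did not stop the injection, shown as an added example that is not part of the original write-up or the challenge's own code. The server-side logic, table layout and stored password are assumptions, sketched in Python with an in-memory SQLite database; the payload is the one from the write-up.

```python
import codecs
import sqlite3


def rot13(text):
    # ROT13 only rotates letters; quotes, '=', ';' and '-' pass through unchanged.
    return codecs.encode(text, "rot13")


def make_db():
    # Constructed sample data: one admin row whose password is stored ROT13-encoded
    # (assumed layout, the write-up does not show the real schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (password TEXT)")
    db.execute("INSERT INTO admin VALUES (?)", (rot13("s3cret-constructed"),))
    return db


def login_vulnerable(db, password):
    # Assumed server behaviour: transform the input, then concatenate it into SQL.
    # The transform is reversible by anyone, so it filters nothing.
    query = "SELECT 1 FROM admin WHERE password = '" + rot13(password) + "'"
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False


def login_parameterized(db, password):
    # Same transform, but the value is bound as data and never parsed as SQL.
    row = db.execute(
        "SELECT 1 FROM admin WHERE password = ?", (rot13(password),)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' be 1=1; --"  # ciphertext from the write-up
    print("server sees:", rot13(payload))
    print("concatenated query accepts payload:", login_vulnerable(db, payload))
    print("parameterized query accepts payload:", login_parameterized(db, payload))
    print("real password still works:", login_parameterized(db, "s3cret-constructed"))
```

The fix is the bound parameter, not a stronger encoding: any client-visible transform can be pre-applied to the input the same way.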