## PicoCTF 2022- SQLiLite :::info :bulb: This is a writeup for the SQLiLite challenge in PicoCTF. ::: ### :eight_spoked_asterisk: The Challenge Can you login to this website? <p> Additional details will be available after launching your challenge instance.</p> [new_caesar.py](https://mercury.picoctf.net/static/c9043977604318594ab73d126a01d0b1/new_caesar.py) ### :mag_right: Breakdown <p> Clicking on the instance link, we are redirected to a simple user login interface. </p> <p> On attempting to sign in with some random credentials, we get </p> ![Screenshot 2023-12-24 at 10.46.57 AM](https://hackmd.io/_uploads/HJAn2lUwa.png) ### :mag_right: Solution <p> Since we have the SQL query used, we can use ' OR 0=0 -- as the username, and any password to log in to the account. </p> ![Screenshot 2023-12-24 at 10.53.21 AM](https://hackmd.io/_uploads/S1vqCgIw6.png) ### :triangular_flag_on_post: The Flag!! Inspecting the source, we get the flag :::spoiler picoCTF{L00k5_l1k3_y0u_solv3d_it_ec8a64c7}:::