PicoCTF_2017: My First SQL
Category: Web Exploitation Points: 50 Description:
I really need access to website, but I forgot my password and there is no reset. Can you help?
Have you heard about SQL injection?
A simple SQL injection, just try to login to an admin account. As most SQL injection flaws comes from unescaped queries, a universal query such as
' or 1=1 -- works, everytime.
Therefore the flag is