🎃 Spooky SSC CTF 🎃

🗄️ Haunted Database

SQL Injection allows attackers to manipulate database queries. Can you bypass the login and find the flag?

Your Mission: Use SQL injection to bypass the login and get the flag!

💡 Challenge Overview

Goal: Use SQL injection to bypass the login form.

Difficulty: Intermediate - SQL injection basics!

Time to complete: 5-10 minutes

Key Learning: SQL injection can bypass authentication!

🗄️ The Haunted Database

SQL Injection allows attackers to manipulate database queries. This login form has a vulnerability that lets you bypass authentication!

🛠️ How to Solve This Challenge:

  1. Try SQL injection in the username field:
    • admin' --
    • ' OR '1'='1
    • ' OR 1=1 --
  2. Leave password empty or use any password
  3. Look for the flag - It will appear when you successfully bypass the login

🔍 What You're Learning:

  • SQL Injection - How to manipulate database queries
  • Authentication Bypass - Breaking login systems
  • Database Security - Why input validation is crucial
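
Why the payloads listed above change the outcome of a login query, and why a parameterized query does not, shown as an added example that is not the challenge's own code. The table, the stored password and both login functions are constructed for illustration; the challenge's real query is not shown on this page.

```python
import sqlite3

# Payloads listed in the challenge steps above.
PAYLOADS = ["admin' --", "' OR '1'='1", "' OR 1=1 --"]


def make_db():
    # Constructed sample table and credentials (assumption, not the challenge schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def login_vulnerable(db, username, password):
    # Deliberately vulnerable: input is concatenated into the SQL text, so a
    # quote in the input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed SQL produced by the input


def login_parameterized(db, username, password):
    # Hardened: the SQL text is fixed and the inputs are bound as values,
    # so quotes and comment markers are compared as plain characters.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def compare(password=""):
    # Maps each payload to (vulnerable result, parameterized result).
    db = make_db()
    return {p: (login_vulnerable(db, p, password),
                login_parameterized(db, p, password)) for p in PAYLOADS}


if __name__ == "__main__":
    for payload, (vuln, safe) in compare().items():
        print(f"{payload!r:16} vulnerable={vuln} parameterized={safe}")
```

In this constructed query the second payload does not log in with an empty password, because AND binds tighter than OR; the parameterized version rejects all three regardless of query shape.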

🔐 Haunted Login Portal

Try to bypass this login form using SQL injection!
