Micro-CMS v2
flag 1
Used a ' to find out that the login page is vulnerable to SQLi; however, it returns an error. Using '1='1 returns a password error rather than an SQL error. We can use this: use UNION to set the password to whatever you want and exploit with the previous code. The payload to log in:
'UNION SELECT '123' as password from admins where '1'='1
Quotes matter! Using "123" instead of '123' led to an SQL error.
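Why the UNION payload works, and the fix, as an added example (not code from the challenge or from this writeup). It assumes the login fetches the stored password by username and then compares it to the submitted one; sqlite3 stands in for the application's database, and the schema, sample row and function names are constructed for illustration.

```python
import sqlite3

# Payload exactly as given in the writeup, sent as the username field.
PAYLOAD = "'UNION SELECT '123' as password from admins where '1'='1"

def make_db():
    # Constructed sample data; the real schema is an assumption.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    return conn

def login_vulnerable(conn, username, password):
    # The username is pasted into the SQL text, so a quote inside it
    # changes the structure of the statement.
    query = "SELECT password FROM admins WHERE username='%s'" % username
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        return "sql error"
    if row is None:
        return "unknown user"
    # The UNION row supplies an attacker-chosen value for row[0].
    return "ok" if row[0] == password else "invalid password"

def login_safe(conn, username, password):
    # Bound parameter: the driver passes the username as data only,
    # so the payload is just a username that does not exist.
    row = conn.execute(
        "SELECT password FROM admins WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return "unknown user"
    return "ok" if row[0] == password else "invalid password"

if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(name, "|", fn(conn, "'", "x"), "|", fn(conn, PAYLOAD, "123"))
```

The distinct "sql error" and "invalid password" responses are what made the flaw observable from outside; with the bound parameter both inputs fall through to the same "unknown user" path.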