ebCTF: WEB100 “Tulip Shop”

We designed a new login procedure for our Online Tulip Shop. Can you test if it is hacker proof?

The WEB100 challenge was apparently harder than expected with only 10 solves. The goal of this challenge was to grep the admin password from the sqlite database with a SQL injection. The SQL injection however was not in one of the normal places, but in the key name of the password field.
{Read More}