Level 13 - Level 14

Username: natas14
Password: qPazSJBmrmU7UQJv17MHk1PGC4DxZMEP
URL:      http://natas14.natas.labs.overthewire.org

Overview

This time a login form, with a link to the source code.

Let's take a look at the source code.

By just viewing the source code, we can find that its vulnerable to SQL Injection, since the parameters are directly substituted in the SQL query.

We can bypass the login by using a simple payload: " OR 1 = 1 -- -, and we get the password for the next level.

Last updated 7 months ago