Sqlite3

Dojo #21


EvilTwin-Admin - DOJO #21 (Until 10/02/2023)

Hint

~ One has to be the first, right? :)


GOAL

BRUTE FORCE IS NOT ALLOWED!

Valid solutions for the SQL Logic Vulnerability must meet these requirements:

  • The SQL result should show your newly created user instead of the user admin.
  • Your user must be the only user inside the ===(RESULT)== result.

("ERROR": "SqliteError: unrecognized token: "x'$passwd'"" is not a challenge error)


Story time

DOJO #19... Developer Jeff returned to the office on Monday after a long weekend of partying and beer. He still had a hangover, but he was strong and managed to secure the SQL statement. (The database only leaked 62 times.)

From now on, Jeff doesn't trust user input, and he has limited administrator access to one employee only.
