%title hacker101
:hack:
%date
%update 2023-06-03 22:03

Micro-CMS v2

= flag 1 =
Used a ' to find out that the login page is vulnerable to [[SQLi]]; however, it returns an error. Using '1='1 returns a password error rather than an SQL error. We can use this.
Then use UNION to set the password to whatever you want and exploit with the previous code. The payload to log in:
'UNION SELECT '123' as password from admins where '1'='1

Quotes matter! Using "123" instead of '123' led to an SQL error.
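
Why the UNION payload passes the password check, and how a bound parameter stops it. This is an example added to these notes, not the challenge's own code. The query shape, the `admins(username, password)` schema, the stored credentials and the use of an in-memory SQLite database are all assumptions.

```python
import sqlite3

# Payload quoted from the notes above.
PAYLOAD = "'UNION SELECT '123' as password from admins where '1'='1"


def make_db():
    """Constructed in-memory table; schema and credentials are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db


def login_vulnerable(db, username, password):
    """Assumed shape of the flawed check: input is pasted into the SQL text."""
    sql = "SELECT password FROM admins WHERE username = '%s'" % username
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "sql error"  # a lone ' leaves the string literal unterminated
    if row is None:
        return "unknown user"
    # The UNION row supplies a "stored" password chosen by the client.
    return "ok" if row[0] == password else "invalid password"


def login_fixed(db, username, password):
    """Same logic, but the username is bound as data and never parsed as SQL."""
    # Plaintext comparison is kept so that only the injection fix differs;
    # a real fix would also store and verify a password hash.
    sql = "SELECT password FROM admins WHERE username = ?"
    row = db.execute(sql, (username,)).fetchone()
    if row is None:
        return "unknown user"
    return "ok" if row[0] == password else "invalid password"


if __name__ == "__main__":
    db = make_db()
    for name, pw in [("'", "x"), (PAYLOAD, "123"), ("admin", "correct-horse")]:
        print(repr(name), login_vulnerable(db, name, pw), login_fixed(db, name, pw))
```

The three distinct responses ("sql error", "unknown user", "invalid password") are what let the probing described above work, so returning one generic failure message is a useful second fix alongside parameter binding.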

= flag 2 =


-----
= Backlinks =

- [[hack|hack]]