Irish-Name-Repo 3

Going to the admin page and inspecting element we ca see that here is a hidden input field

<input type="hidden" name="debug" value="0">

By removing the ="hidden"

A new input field appears , when changing the new input field from 0 to 1 and trying to login we get the following output

SQL INJECTION COMMAND

Trying the 1' IS NOT '2 SQL injection we get this output and a weird output on how SQL interprets it 😵

What if we try and use the shift that it is doing to get a valid response ?

It works !

FLAG

💡

picoCTF{3v3n_m0r3_SQL_06a9db19}