Dexter’s Lab

Web Exploitation - Points: 125

Dee Dee,

Please check in on your brother’s lab at dexterslab.web.2019.nactf.com

We know his username is Dexter, but we don’t know his password! Maybe you can use a SQL injection?

Mom + Dad

SQLi:

username: Dexter
password: ' or '1'='1

flag: nactf{1nj3c7ion5_ar3_saf3_in_th3_l4b}