SherpaCTF 2025 CTF Writeup

10 - Ten

Exploit a vulnerable login form in OWASP Juice Shop using classic SQL Injection techniques to retrieve the flag.

Ten - CTF Challenge Writeup

Challenge Information

  • Name: Ten
  • Category: Misc
  • Points: 10
  • Objective: Exploit a vulnerable login form in OWASP Juice Shop using classic SQL Injection techniques to retrieve the flag.

Solution

  • From User Nine, we’re given another OWASP Juice Shop challenge.

    Challenge 10

  • This one is a classic — good old SQL Injection.

  • The login form is completely unprotected, no WAF, no input sanitization.

  • A simple payload like ' OR 1=1 -- bypasses authentication.

  • After logging in using that injection, the flag is revealed on the resulting page or via the admin panel.

    Flag

Flag

`690fa3247a99d651e0b26f947baf

Misc
Last updated on Nov 25, 2025 00:00 UTC