SherpaCTF 2025 CTF Writeup

16 - Sixteen

Log in as admin via SQL Injection and delete all 5-star feedback entries to retrieve the flag.

Sixteen - CTF Challenge Writeup

Challenge Information

  • Name: Sixteen
  • Category: Misc
  • Points: 10
  • Objective: Log in as admin via SQL Injection and delete all 5-star feedback entries to retrieve the flag.

Solution

  • From User Fifteen, the challenge is to remove all five-star feedbacks from the system.

    Challenge 16

  • To do that, we first need admin access, which can be achieved using SQL Injection on the login form.

  • After gaining access, navigate to the feedback section of the OWASP Juice Shop dashboard.

  • Manually identify and delete all entries with a 5-star rating.

  • Once all high-rated feedbacks are cleared, the challenge marks as complete and the flag is revealed.

    Flag

Flag

78231b75c0b2180b7e964dcbb1ab3c3f58639f2e

Misc
Last updated on Nov 25, 2025 00:00 UTC