Dr. Hrabowski's Great Adventure
SQL Injection


President Freeman Hrabowski is having a relaxing evening in Downtown Baltimore. But he forgot his password to give all UMBC students an A in all their classes this semester! Find a way to log in and help him out.
(If you get an SSL error, try a different browser)
Author: Clearedge


To bypass authentication, the basic payload username=admin&password=' or 1=1;# works.
The flag is in the image's name attribute.
Copy link