Hi,
I’m going through the SQL Injection Fundamentals module and I am unable to obtain the flag for the exercise in the “Subverting Query Logic” section despite performing a successful bypass. There’s no flag on the page:
Page Source
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf8">
<title>Inlanefreight</title>
<link rel="stylesheet" href="./style.css">
</head>
<body>
<!-- partial:index.partial.html -->
<hgroup>
<h1>Admin panel</h1>
<h3>
Executing query: SELECT * FROM logins WHERE username='tom' AND password = 'admin' or '1'='1';<br /><br /><font color="green">Login successful as user: admin</font><br /><br />Click <a href='/'>here</a> to try again <!-- partial -->
<script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="./script.js"></script>
</body>
</html>
Maybe it’s a bug? Not sure what to do at this point so I’m posting here.