The goal of challenge (made by root-boy) was to get access to a flag protected by authentification. The challenge consists of a form with 3 fields:

• Login
• Password
• Confirmation code

Trying to bypass the authentification through these 3 input fields should not lead to anything interesting so where can we feed our evil input ? You might have noticed that the form uses cookies. The good news is that the one named "cap" is vulnerable to SQL injections.