L33t H4xx0r (Web Exploitation) – 70

Description

If you could bypass the login you could get the flag. Link

Solution

Looking inside the source,we are directed to source.txt to look at the password comparison code.

http://yrmyzscnvh.abctf.xyz/web6/source.txt

The password is the flag itself! So we can’t be expected to guess it, we need to use the hint that there is a vulnerability in the code. After googling about php strcmp vulnerabilities we see that when comparing a string and an array, the result is always 0. So we need to set password to be an array in the URL.

http://yrmyzscnvh.abctf.xyz/web6/?password[]=oops

abctf{always_know_whats_going_on}

 

Comments are closed.

WordPress.com.

Up ↑