[NeverLAN 2019] - Dirty Validate

Posted Feb 5, 2019

By Lucian Nitescu 1 min read

Description:

Solution Author:

Lucian Nitescu, as part of jmp 0xc0ffee team.

Solution:

In this challenge, we were prompted with a basic login form.

As a first step, I decided to take a look at the source code of the accessed web page. On the source code of the page, I discovered multiple ajax request that can be directly accessed by any user.

Retrieving all user accounts for the application:

https://challenges.neverlanctf.com:1135/webhooks/get_username.php

Retrieving the base 64 encoded password for the Dr. Whom user account:

https://challenges.neverlanctf.com:1135/webhooks/get_password.php?user=Dr.%20Whom

Decoding the base64 string:

The flag is: flag{D0n't_7rus7_JS}

neverlan, ctf, writeups

This post is licensed under CC BY 4.0 by the author.

Description:

Solution Author:

Solution:

Trending Tags