Web

The link provided goes to the basic login page as mentioned in the challenge. Try to do sql injection but no luck! From the downloaded attachment has a source code of the login page, which need to review for any vulnerability.

Based on the source code, one and only way to get the flag is needed to enter else statement which means to make the if statement equal to false. To further understand this, for example when make user guest in array structured in loose equality ['guest'] == 'guest' it returns true but when it applies in strict equality ['guest'] === 'guest' returns false in javascript. It is because in strict equality does not perform conversion when comparing between two different types of values which opposite of loose equality.

From that, I can receive the flag by performing this command curl -i -X POST --data 'username[]=guest&password=guest' "http://login-web.chal.2024.ctf.acsc.asia:5000/login"

Flag: ACSC{y3t_an0th3r_l0gin_byp4ss}

Last updated 5 months ago

Login!