
Web

Last updated 1 year ago

  • Login!

The link provided leads to a basic login page, as mentioned in the challenge. I tried SQL injection, but no luck! The downloaded attachment contains the source code of the login page, which needs to be reviewed for vulnerabilities.

Based on the source code, the one and only way to get the flag is to reach the else branch, which means making the if condition evaluate to false. To understand this, consider the user guest wrapped in an array: under loose equality, ['guest'] == 'guest' returns true, but under strict equality, ['guest'] === 'guest' returns false in JavaScript. This is because strict equality does not perform type conversion when comparing values of two different types, which is the opposite of loose equality.

From that, I can receive the flag by running this command:
curl -i -X POST --data 'username[]=guest&password=guest' "http://login-web.chal.2024.ctf.acsc.asia:5000/login"

Flag: ACSC{y3t_an0th3r_l0gin_byp4ss}
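The comparison behaviour described above, as an added example that is not the challenge's source code: a constructed login check in its weak form beside a hardened form that rejects non-string fields and authorises on the stored role. USERS, loginWeak, loginHardened and the sample bodies are assumptions; the array-valued body is what an extended urlencoded parser yields for a field named username[].

```javascript
// Added illustration: a constructed model of the login check, not the challenge source.
// USERS, loginWeak, loginHardened and SAMPLES are hypothetical names and values.
const USERS = {
  guest: { password: 'guest', role: 'guest' },
  staff: { password: 'constructed-sample-secret', role: 'member' },
};

// Weak form: trusts whatever type the body parser produced.
function loginWeak(body) {
  const { username, password } = body;
  const user = USERS[username];                   // property key is coerced: ['guest'] -> 'guest'
  if (!user || user.password != password) return 'invalid';
  if (username === 'guest') return 'restricted';  // an array is never === a string
  return 'privileged';                            // the else branch
}

// Hardened form: reject non-string fields, then authorise on the stored role,
// never on the raw request value.
function loginHardened(body) {
  const { username, password } = body || {};
  if (typeof username !== 'string' || typeof password !== 'string') return 'rejected';
  if (!Object.prototype.hasOwnProperty.call(USERS, username)) return 'invalid';
  const user = USERS[username];
  if (user.password !== password) return 'invalid';
  return user.role === 'member' ? 'privileged' : 'restricted';
}

// Constructed parsed request bodies (assumed parser output, see lead-in).
const SAMPLES = [
  { username: 'guest', password: 'guest' },    // ordinary form post
  { username: ['guest'], password: 'guest' },  // field sent as username[]
  { username: 'guest', password: 'wrong' },    // bad password
];

// Run every sample through both checks and collect the outcomes.
function compare() {
  return SAMPLES.map((b) => ({
    username: JSON.stringify(b.username),
    weak: loginWeak(b),
    hardened: loginHardened(b),
  }));
}

console.table(compare());
```
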
