Local Authority

https://play.picoctf.org/practice/challenge/278?page=8

Can you get the flag? Go to this website and see what you can discover.

  • there's a login page, so probably SQL injection

  • using the [[SQL Injection]] OR method `' OR 1=1 --`, it says "Illegal character in username or password."

  • but in the [[Inspect]] sources, we can now see the PHP file, which contains this client-side script:

<script type="text/javascript">
      function filter(string) {
        filterPassed = true;
        for (let i =0; i < string.length; i++){
          cc = string.charCodeAt(i);
          
          if ( (cc >= 48 && cc <= 57) ||
               (cc >= 65 && cc <= 90) ||
               (cc >= 97 && cc <= 122) )
          {
            filterPassed = true;     
          }
          else
          {
            return false;
          }
        }
        
        return true;
      }
    
      window.username = "hi";
      window.password = "&#039;OR 1=1 --";
      
      usernameFilterPassed = filter(window.username);
      passwordFilterPassed = filter(window.password);
      
      if ( usernameFilterPassed && passwordFilterPassed ) {
      
        loggedIn = checkPassword(window.username, window.password);
        
        if(loggedIn)
        {
          document.getElementById('msg').innerHTML = "Log In Successful";
          document.getElementById('adminFormHash').value = "2196812e91c29df34f5e217cfd639881";
          document.getElementById('hiddenAdminForm').submit();
        }
        else
        {
          document.getElementById('msg').innerHTML = "Log In Failed";
        }
      }
      else {
        document.getElementById('msg').innerHTML = "Illegal character in username or password."
      }
    </script>
  • looking into the sources, we also see secure.js

  • whoa, it has the username and password in it

  • using those creds, we get the flag
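
The root problem here is that both the character filter and `checkPassword` run in the browser, so everything they depend on is shipped to the user. As an added example (not part of the original notes or the challenge's code), this is the same login flow decided on the server in Node.js; `login`, `isAuthorized`, `USERS` and the sample account are names and values made up for illustration.

```javascript
// Added example (not the challenge's code): the login decision made on the server.
// Loads node:crypto under both CommonJS and ES modules.
const crypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Build a salted scrypt record; the plaintext is never stored or sent to clients.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed sample account; a real store would be a database.
const USERS = new Map([["alice", makeRecord("Constructed1Sample2Pw")]]);
// Dummy record so unknown usernames cost the same hashing work as known ones.
const DUMMY = makeRecord("unused");

// Same alphanumeric allowlist as the page's filter(), enforced where the
// client cannot edit or skip it.
const ALNUM = /^[0-9A-Za-z]+$/;

// Per-login random tokens, in place of a fixed hash embedded in page source.
const sessions = new Map();

function login(username, password) {
  if (typeof username !== "string" || typeof password !== "string" ||
      !ALNUM.test(username) || !ALNUM.test(password)) {
    return { ok: false, reason: "illegal" };
  }
  const rec = USERS.get(username) || DUMMY;
  const candidate = crypto.scryptSync(password, rec.salt, 32);
  // Constant-time compare; evaluated before the existence check on purpose.
  const match = crypto.timingSafeEqual(candidate, rec.hash) && USERS.has(username);
  if (!match) return { ok: false, reason: "failed" };
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, username);
  return { ok: true, token };
}

// The admin page checks this on every request instead of trusting a form field.
function isAuthorized(token) {
  return typeof token === "string" && sessions.has(token);
}
```

The client-side filter can stay for user feedback, but only the server's answer counts, and a value that is visible in page source (like the fixed `adminFormHash`) authorizes nothing.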
