What's your input?

Problem

We'd like to get your input on a couple things. Think you can answer my questions correctly? in.py nc mercury.picoctf.net 39137.

Solution

  1. 1.
    Look at the in.py file, which is executed using Python 2.
  2. 2.
    The Python 2 input function is vulnerable. More info on GeesForGeeks.
  3. 3.
    We can enter the variable name city as the city input parameter which will essentially set res = city.

Flag

picoCTF{v4lua4bl3_1npu7_8433797}