[Writeup] Lazy Php Hunter | Simple php category ctf challenge

August 9, 2018 Script hunter

This is a writeup of the Lazy Php Hunter CTF challenge. Go to the challenge page directly if you haven't solved this challenge yet.
Task detail: Follow this link and start hunting.
Flag Format: CHERRY{soMETHing_HerE}

Writeup of Lazy Php Hunter | Simple php category ctf challenge

The challenge page presents an input box; to get the flag you must submit an input that passes validation.

  1. Look at the page source, where a comment mentions ?debug=1. Add it to the URL, like this: https://cherryblog.in/ctf/php-hunter?debug=1
    Now you can see the PHP validation code.
  2. From the code, you need an input whose value is greater than 999 but which is less than 4 characters long, and only integers are allowed. How can that happen?
  3. To answer that, you need to understand the is_numeric() function. It checks whether the given input is numeric, but it also accepts strings such as +365.e2, 336 and 4e4.
    We will take advantage of this.
  4. If you type 4e4 in the devtools console you will see 40000, because it is read as 4 × 10^4.
  5. 4e4 is less than 4 characters long and is also greater than 999, because its value is 40000.
  6. Use 4e4 as the input and click Submit Query.

You will reach the flag page.
Flag: CHERRY{iTS_toO_easy}
Go to the challenge page and validate your flag there.
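
The check described in the steps above, next to a stricter version, as an added example that is not the challenge's own code. The function names and the exact shape of the weak check are assumptions reconstructed from the writeup's description, and the sample inputs are constructed.

```php
<?php
// Assumed shape of the challenge's validation (constructed; the real source
// is only visible via ?debug=1 and is not reproduced in the writeup).
function weak_check(string $input): bool
{
    return is_numeric($input)   // true for "4e4", "+365.e2", "336"
        && strlen($input) < 4   // bounds the characters, not the value
        && $input > 999;        // a numeric string is compared as a number
}

// Hardened parser: only plain decimal digits count as an integer, so a
// length limit really does bound the value.
function strict_int(string $input, int $maxLen): ?int
{
    if ($input === '' || strlen($input) > $maxLen || !ctype_digit($input)) {
        return null;            // rejects signs, dots and exponent notation
    }
    return (int) $input;
}

function strict_check(string $input): bool
{
    $n = strict_int($input, 3);
    return $n !== null && $n > 999;   // three digits max out at 999
}

// Constructed sample inputs, including the ones named in the writeup.
foreach (['4e4', '1e3', '336', '999', '+365.e2', 'abc'] as $s) {
    printf(
        "%-8s is_numeric=%-5s weak=%-5s strict=%s\n",
        $s,
        var_export(is_numeric($s), true),
        var_export(weak_check($s), true),
        var_export(strict_check($s), true)
    );
}
```

With digits-only parsing no input can satisfy both conditions, so the flag path exists only because is_numeric() accepts exponent notation.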