Firstly, thanks to Phieu Lang, idol Law.io and “meepwn.CLGT” for holding the boot camp and the capture the flag together. We finished with 41 points and ranked 12th.
But it doesn’t work. Maybe this file does not have permission to be created.
Let’s try to log in with ‘admin’.
From the source code, we can see that this table has only 2 columns: ‘username’ and ‘password’.
Trying to log in with an account (user:password) = (admin:admin) fails.
But looking carefully, there is no check after the filter. It means we can bypass the login through register.
Something I found from my idol “Tsu”: “admin\000” ~ “admin”.
I tried to register an account (“admin\000”:“admin”) and then logged in with (“admin”:“admin”). Successful. Yeah, I got the ‘admin’ account !! ^.^!
Finally, we have the flag. Bravo!!
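The check-then-filter ordering described above, modelled next to a corrected version. This is an added example, not the challenge's source code: `sanitize`, `UserStore` and the stored admin password are constructed, and it assumes the filter strips control characters and that the filtered name replaces the existing row.

```python
import re


def sanitize(name: str) -> str:
    # Assumed stand-in for the challenge's filter: drops control
    # characters, including the NUL byte written as \000 above.
    return re.sub(r"[\x00-\x1f\x7f]", "", name)


class UserStore:
    """In-memory stand-in for the two-column (username, password) table."""

    def __init__(self):
        # Constructed existing admin row; password hashing is omitted
        # to keep the focus on the ordering of check and filter.
        self.rows = {"admin": "constructed-secret"}

    def register_vulnerable(self, username: str, password: str) -> bool:
        # The uniqueness check runs on the raw input...
        if username in self.rows:
            return False
        # ...then the filter runs and the result is stored with no
        # second check, so "admin\x00" lands on the "admin" row.
        self.rows[sanitize(username)] = password
        return True

    def register_hardened(self, username: str, password: str) -> bool:
        clean = sanitize(username)
        # Reject anything the filter would alter instead of silently
        # rewriting it, and reject empty names.
        if not clean or clean != username:
            return False
        # Check uniqueness on exactly the value that will be stored.
        if clean in self.rows:
            return False
        self.rows[clean] = password
        return True

    def login(self, username: str, password: str) -> bool:
        return self.rows.get(sanitize(username)) == password
```

A unique constraint on the username column gives the same guarantee at the database layer, provided the value compared is the one actually stored.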
Suddenly, someone checked this BOT, amazing !!!
Because the server was brought down, everything I did was only on localhost.
If you see any problem, please leave a comment below!
Thanks for reading.