My Writeup for BCACTF 2.0! (Web Problem #3 and #4)
Continuation from yesterday's writeup. XD
Web Problem #3: Movie-Login-1
I heard a new movie was coming out... apparently it's supposed to be the SeQueL to "Gerard's First Dance"? Is there any chance you can help me find the flyer?
http://web.bcactf.com:49160/
Hint 1 of 1: Are the inputs sanitized?
My Solution:
A classic SQL Injection problem. For this one I used
targetuser ' OR 1=1; --
to bypass the login page.
And ta~dahh, we get the FLAG. XD
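Why that input works, and what stops it, as an added example that is not part of the original writeup or the challenge's code: the challenge backend is not shown, so the table, the credentials and both login functions below are assumptions built on an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data: the challenge's real schema and credentials are unknown.
# The password is stored in plain text only to keep the sample short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('targetuser', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    # Hypothetical unsanitized login: input is pasted into the SQL text,
    # so a quote in the input ends the string literal early.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened form: placeholders bind the input as data, never as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

# The input quoted in the writeup. With concatenation the WHERE clause becomes
#   username = 'targetuser ' OR 1=1
# and the "--" comments out the password check.
PAYLOAD = "targetuser ' OR 1=1; --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__,
              "payload:", fn(db, PAYLOAD, "anything"),
              "wrong password:", fn(db, "targetuser", "nope"),
              "valid login:", fn(db, "targetuser", "correct-horse"))
```

With the parameterized version the whole payload is compared against the username column as one literal string, so it matches no row.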
Web Problem #4: Wasm Protected Site 1
Check out my super safe website! Enter the password to get the flag
http://web.bcactf.com:49157/
Hint 1 of 1: How does the Web Assembly check the password you entered, and what is it looking for?
Another pretty straightforward problem in which one is challenged to 'get the correct password' in order to get the flag.
My Solution:
Like always, start with checking the page source.
Inside "main.js", one would notice "code.wasm". We could simply go to http://web.bcactf.com:49157/code.wasm to see what the page is trying to get.
And voila! Found our Flag! XD