My Writeup for BCACTF 2.0! (Web Problem #3 and #4)


Continuation from yesterday's writeup. XD

Web Problem #3: Movie-Login-1

I heard a new movie was coming out... apparently it's supposed to be the SeQueL to "Gerard's First Dance"? Is there any chance you can help me find the flyer?
http://web.bcactf.com:49160/
Hint 1 of 1: Are the inputs sanitized?



My Solution:

A classic SQL Injection problem. For this one I used

targetuser ' OR 1=1; --

to bypass the login page.



And ta~dahh, we get the FLAG. XD



Web Problem #4: Wasm Protected Site 1

Check out my super safe website! Enter the password to get the flag
http://web.bcactf.com:49157/
Hint 1 of 1: How does the Web Assembly check the password you entered, and what is it looking for?

Another pretty straightforward problem in which one is challenged to 'get the correct password' in order to get the flag.



My Solution:

Like always, start with checking the page source.



Inside "main.js", one would notice the "code.wasm". We could simply go to http://web.bcactf.com:49157/code.wasm to see what the page is trying to get.



And voila! Found our Flag! XD
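
Why this works: everything compiled into a .wasm module is delivered to the browser, and string constants normally sit in the module's data segments. The following is an added example (not part of the original writeup or the challenge's code) that walks a module's sections and lists the printable strings in its data segments, a check worth running on your own build before shipping; the sample module and its placeholder string are constructed.

```python
import re

WASM_HEADER = b"\x00asm\x01\x00\x00\x00"  # magic + version 1

def read_uleb(buf, pos):
    """Decode one LEB128 integer; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def data_segments(module):
    """Yield the raw bytes of each data segment (section id 11)."""
    if module[:8] != WASM_HEADER:
        raise ValueError("not a WebAssembly 1.0 binary")
    pos = 8
    while pos < len(module):
        section_id = module[pos]
        size, pos = read_uleb(module, pos + 1)
        if section_id == 11:
            count, p = read_uleb(module, pos)
            for _ in range(count):
                flag, p = read_uleb(module, p)
                if flag == 2:       # active segment with explicit memory index
                    _, p = read_uleb(module, p)
                if flag in (0, 2):  # offset expr: <i32.const | global.get> n end
                    if module[p] not in (0x41, 0x23):
                        raise ValueError("unsupported offset expression")
                    _, p = read_uleb(module, p + 1)  # value ignored, only its length matters
                    p += 1          # skip the `end` opcode (0x0b)
                length, p = read_uleb(module, p)
                yield module[p:p + length]
                p += length
        pos += size                 # jump to the next section

def embedded_strings(module, min_len=6):
    """Printable ASCII runs found in the module's data segments."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode() for seg in data_segments(module) for m in pattern.findall(seg)]

# Constructed sample: one memory plus one data segment holding a placeholder secret.
_data = b"\x01\x02" + b"flag{constructed-placeholder}" + b"\x00"
SAMPLE = (WASM_HEADER + b"\x05\x03\x01\x00\x01"                      # memory section
          + bytes([0x0B, 6 + len(_data)]) + b"\x01\x00\x41\x00\x0b"  # data section, offset 0
          + bytes([len(_data)]) + _data)
```

If `embedded_strings` returns a password or flag for your module, every visitor can read it too; the comparison has to happen on the server.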

