SwampCTF 2019 Writeups
Andrew, a data courier and PHP diehard, has secret data that he can’t have falling into the ZaibatsuCorp’s hands. Fortunately, we’ve established an online datalink with his wetware.
We’ve exposed the module’s access interface here:
Can you bypass his CraniumStorage security module before he wakes up?
-= Created by andrewjkerr =-
Accessing the provided link, the following page is shown:
When Submit was pressed, a POST request was sent to the server containing:
After playing around a bit, we discovered that we could break the application by passing an array as the password.
This means that strcmp was barfing a NULL by comparing an array to a string, and type juggling probably came into play, making NULL==0 true.
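The behaviour described above, as an added example that is not the challenge's code: the loose strcmp() comparison next to a hardened check, runnable on PHP 7 or later. The function names, the stored password and the test inputs are constructed, and the shape of the vulnerable check is an assumption based on the observed behaviour.

```php
<?php
// Constructed secret for the demo; the challenge's real value is not on the page.
const STORED_PASSWORD = 'constructed-secret';

// Vulnerable pattern (assumed shape of the server-side check): loose == on strcmp().
// PHP 5.3 to 7.x: strcmp(array, string) raises a warning and returns NULL,
// and NULL == 0 evaluates to true, so the check passes without the password.
// PHP 8+: the same call throws a TypeError instead of returning NULL.
function vulnerable_check($input): bool
{
    // @ only hides the warning so the demo output stays readable.
    return @strcmp($input, STORED_PASSWORD) == 0;
}

// Hardened check: refuse anything that is not a string before comparing,
// then use hash_equals() for a constant-time, type-safe comparison.
function hardened_check($input): bool
{
    return is_string($input) && hash_equals(STORED_PASSWORD, $input);
}

// Constructed inputs covering the three cases that matter.
$cases = [
    'wrong string'   => 'guess',
    'correct string' => STORED_PASSWORD,
    'array'          => ['x'],
];

foreach ($cases as $label => $input) {
    try {
        $vulnerable = var_export(vulnerable_check($input), true);
    } catch (TypeError $e) {
        // Reached on PHP 8+, where strcmp() rejects the array outright.
        $vulnerable = 'TypeError';
    }
    $hardened = var_export(hardened_check($input), true);
    printf("%-15s vulnerable=%-10s hardened=%s\n", $label, $vulnerable, $hardened);
}
```

Using === 0 instead of == 0 also closes the hole on older PHP versions, because NULL === 0 is false; the is_string() guard additionally keeps non-string input from reaching the comparison at all.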