Web - Authy
Download
If you wanna try out the chall files are here : https://github.com/heapbytes/CTFs/tree/main/2023/BlackHat-MEA-CTF/web
Password :
flagyard
Challenge files
server.go
Looking at the file we can say it's nothing but just a general login/registeration index file.
The intresting file was under
controller/LoginController.go
The main fact to get the
flag
was to have a password of length less than 6 (checkout following snippet).
BUT BUT BUT, while registering we see that the request isn't sent to register if our password length is less than 6 (check the following snippet).
Vulnerability - Rune
If you looked the src code closely,
It's using rune to check the length of the password.
What's rune ?
tl;dr : it's basically used for unicode characters
Exploit
So what next?
Just create a password with unicode character of length more than 6
while checking with run the length of our unicode character would be 1 or whatever character code you used.
Solve.py
Flag
-------- and pwned (late writeup? yehp)
Last updated