Vishwa CTF: Web: UwU (469)

This is from the 2021 Vishwa CTF

For this challenge, we are given a URL:

Going to the site, we are given this page:

After a little poking around, I look for a robots.txt entry:

Interesting! Now I follow the clue and look for a robots directory:

I click the link on the page for the source code and I get this:

After reviewing the code, I see that the PHP is looking for an input parameter “php_is_hard” and it runs “preg_replace()” on it and evaluates the output of that.

  if (isset($_GET['php_is_hard'])) {
  
    $you_enter = $_GET['php_is_hard'];
  
    $we_enter = 'suzuki_harumiya';
  
    $the_final_one = preg_replace(
    
      "/$we_enter/", '', $you_enter);
  
      if ($the_final_one === $we_enter) {
  
        open_up();
    }
  }

Analyzing this code, I see that it takes my input and looks for all instances of “suzuki_harumiya” and removes it. Then it compares the resulting string to “suzuki_harumiya”. If it is true, then it runs the “open_up()” function.

I see that I can simply manipulate my input to “ssuzuki_harumiyauzuki_harumiya” and the script will remove the single instance of “suzuki_harumiya” in it and the resulting string will, in fact, be “suzuki_harumiya”. When I feed that input, I get this:

Vishwa CTF: Web: Redeeem (440)

This is from the 2021 Vishwa CTF

For this challenge, we are given a URL:

Going to the page, we get this:

Entering a coupon code does not appear to do anything. If we click the “BUY” button, we get this:

Inspecting the source, we see a hidden element named “current” with a value of “0”. This appears to be how my current balance is tracked.

I modify that element’s value to “7000” and then click the “BUY” button:

That gives us the flag!