Dirty Validate

Author: Lucian Nitescu
Contest: NeverLAN CTF 2019

Description:

Stats:

50 points

Solution:

In this challenge, we were prompted with a basic login form.

As a first step, I decided to take a look at the source code of the accessed web page. On the source code of the page, I discovered multiple ajax request that can be directly accessed by any user.

Retrieving all user accounts for the application:

• https://challenges.neverlanctf.com:1135/webhooks/get_username.php

Retrieving the base 64 encoded password for the Dr. Whom user account:

• https://challenges.neverlanctf.com:1135/webhooks/get_password.php?user=Dr.%20Whom

Decoding the base64 string:

The flag is: flag{D0n't_7rus7_JS}