Dirty Validate

Author: Lucian Nitescu
Contest: NeverLAN CTF 2019



50 points


In this challenge, we were prompted with a basic login form.

As a first step, I decided to take a look at the source code of the accessed web page. On the source code of the page, I discovered multiple ajax request that can be directly accessed by any user.

Retrieving all user accounts for the application:

Retrieving the base 64 encoded password for the Dr. Whom user account:

Decoding the base64 string:

The flag is: flag{D0n't_7rus7_JS}