image.png

Want to run this Docker container locally?

 docker run -d -p 9023:80 --name Flag-red44 --restart always joshbeck2024/ctf-php-type-juggling-flag-red44

http://172.25.200.200:9023

Points: 750

Walk through:

This video explains the concept better than I do!

https://www.youtube.com/watch?v=idC5SAsKhlE

We’ll start by intercepting a request to the website in Burp Suite.

image.png

We can see that a request is made to /api/checklogin.php?password=test

image.png

We can assume that a check is being made in the code like this:

if password == user_input

Or

if password === userinput

There is a big difference between == and ===