Tags: php-comand-injection web 


### TokyoWesterns CTF 4th 2018. *SimpleAuth* Writeup by E-Toolz team

`http://simpleauth.chal.ctf.westerns.tokyo/ ` - Link


This source page is given at task. It parses GET requests on the URL of task.
(# - comments)
> Short characteristic of HTTP GET:
> Client send parameters in URI after the ? symbol and divided with & symbol so URL looks like:
` http://simpleauth.chal.ctf.westerns.tokyo/?action=auth&user=admin&password=qwerty`

> From the left side of '=' is filled name which we set. From the right side is its value.
> We can find out field names from the source: they are used as `$res` fields.