Tags: web

Rating:

There is a NoSQL injection. The page exposes a parameter 'n'.
A plain GET request sets the key user_n to a random uuid4 value.
If you enter a command such as set or flushdb (anything except get), you get the message "Ah, another hacker".
Trying a few commands shows that the backend is a Redis database; alternatively, the 100-point hint tells you it is Redis.
Redis scripting is done in Lua, and every Redis command is callable through redis.call.
The injection is
http://ctf.knastu.ru/webch/admin?n=123') and redis.call('get', 'admin
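As an added illustration from the defender's side (not part of the original writeup, and not the challenge's own server code): a constructed Python sketch of why a keyword blocklist in front of string-built Lua does not stop this injection, next to a parameterized form that keeps the script text constant. The RecordingRedis stand-in, the BLOCKED tuple and the SAFE_N pattern are assumptions.

```python
import re


class RecordingRedis:
    """Constructed stand-in for a Redis client: eval() records the Lua script
    and the KEYS/ARGV it would send and returns the script text, so the two
    builders below can be compared offline without a server."""

    def __init__(self):
        self.calls = []

    def eval(self, script, numkeys, *keys_and_args):
        # Same argument shape as redis-py's eval(script, numkeys, *keys_and_args)
        self.calls.append((script, numkeys, keys_and_args))
        return script


# Assumed blocklist; the page only shows that set and flushdb are rejected
BLOCKED = ("set", "flushdb", "del", "config")


def lookup_blocklist(r, n):
    # Pattern the challenge appears to use (assumption): reject command names,
    # then splice the value into Lua source. 'get' is allowed, so a value that
    # closes the string literal can still chain a second redis.call('get', ...)
    # against any key, which is exactly what the payload on this page does.
    if any(word in n.lower() for word in BLOCKED):
        return "Ah, another hacker"
    script = "return redis.call('get', 'user_" + n + "')"
    return r.eval(script, 0)


# Assumed allowlist for the identifier part of the key
SAFE_N = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def lookup_parameterized(r, n):
    # Hardened form: allowlist the value's shape, then hand it to the script
    # through ARGV so Lua sees it as data. The script text never changes with
    # input, so there is no literal to break out of.
    if not SAFE_N.match(n):
        raise ValueError("invalid n")
    script = "return redis.call('get', 'user_' .. ARGV[1])"
    return r.eval(script, 0, n)
```

The blocklist version accepts the page's payload because it contains only get; the parameterized version rejects it at the allowlist and, even without that check, would pass it to Lua as a plain string.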

Flag is HumanCTF{n0t_a_f1ag}