Rating: 4.0

# PHPJuggler

> PHP is here to entertain again! They’ve shown you magic tricks, disappearing acts, and now… juggling!

This was the code of the PHP file
```php
");
echo($flag);
}else{
echo("NOPE! Wrong flag.");
}
echo ("

");
}

highlight_file(__FILE__);
?>

<html>
<head> <title> PHP Juggler </title> </head>
<body>



<form action="#" method="POST">

Tell me the flag.


<input type="text" name="flag">
<input type="submit" value="Submit">
</form>
</html>
```

I submitted some random flags. I was reading The
Hitchhiker's Guide to the Galaxy, So I have tried submittig the value "42" but it didn't work!
![42](1.png)

Then I read the code again, and saw `strcmp`!
So instead of `flag=anything` if we pass `flag[]=anything`, the flag will become array. And in strcmp function it will return `NULL` and `NULL == 0` will be `true` so we will get the flag!
![Flag](2.png)

> #### LLS{php_dropped_the_ball_again}

Original writeup (https://github.com/Yash-Amin/virsecconCTF/tree/master/Web/4.%20PHPJuggler).