Tags: google web 

Rating: 4.0

## LOG-ME-IN write up by Ambrotd

We have a node express app with a login where the input is sent straight to the db

![892b3f85ac924daef30956ea40806ce9.png](../../_resources/68a7f7504e1f474980c472dce7233c69.png)

The application is using bodyParser with extended true this means we can modify the username and password and send them as an array

![91a2a7704e95fd6bf1b39c205cf3669a.png](../../_resources/a274f2f17b34493688ed7e007ead6fd2.png)

With this request we are logged in as administrator, but we need to be michelle to get the flag:

![e0a7593a59ee79fbdcfa5fada5290825.png](../../_resources/47f04c4a69d241359eeb1966c8811fd4.png)
![26e06a6a84119014ba4a9d99a6a4b996.png](../../_resources/60bd5face5c946dfa85d91367c9a0b83.png)

So we can send the username as michelle:

![818b78552a6098dc9778d8d8abb1857a.png](../../_resources/98170f2c2f3f41a09e0a0c49226f3870.png)
![fffa44f0ba8bc411f0a40f3fa41d3926.png](../../_resources/91a617833d14473e8645db2228fbf2b9.png)

And we got the flag:

![7fd3060dd0ac0336ddec407634eaa13f.png](../../_resources/471e3512911d4bfd96a36770d1b218e0.png)

Original writeup (https://github.com/Ambrotd/Google-CTF-2020/tree/master/Web/Log-me-in).