CTFtime.org / Killer Queen CTF 2021 / Just Not My Type / Writeup

- code

```php
<h1>I just don't think we're compatible</h1>

<form method="POST">
Password
<input type="password" name="password">
<input type="submit">
</form>
```

from the challenge title and the line `if (strcasecmp($password, $FLAG) == 0)`

we can see that this is a case of type juggling or loose comparison

the function `strcasecmp()` does case insensitive string comparison and returns 0 when the two strings are equal

we can get the function to return 0 if we pass one side of the comparison (the one we control) as an empty array

## How?

modify the password parameter in the POST request in burp from `password=` to `password[]=`

and it spits out flag

![screenshot](https://www.notion.so/Just-Not-My-Type-d4aa2fec63744a618ac0cf5e50efd6f2#2be4bbbba3064cd6961ab74e9e32b80e)

`flag{no_way!_i_took_the_flag_out_of_the_source_before_giving_it_to_you_how_is_this_possible}`

# Resources

[PHP Tricks (SPA)](https://book.hacktricks.xyz/pentesting/pentesting-web/php-tricks-esp#strcmp-strcasecmp)

Original writeup (https://earthy-saguaro-61f.notion.site/Just-Not-My-Type-d4aa2fec63744a618ac0cf5e50efd6f2).

Just Not My Type

Comments

Sign in with