Tags: php mod_rewrite 

Rating: 4.0

# My First App (Web, 399p, 62 solved)

Honestly, we're not exactly sure what the idea behind this task was.
We get a link to a web application which says:

```
After much research, I've found on stackoverflow.com how to protect my framework app.
```

And there is a link to `/getflag`, but there is a password prompt when we try to go there.
It seems the authentication is based on some regex rather than on directory structure, since going to `/getflags` also gives us an authentication prompt and not a 404 error.
Additionally we can see that going to `/index.php` and `/index.php/` gives us the same results.

This all suggests some mod_rewrite magic underneath.
We simply tried to see what would happen if we went to `/index.php/getflag`, which would depend on the order of the regex rules, and we got the flag:

`EKO{fucking_m0d_r3wr1t3}`
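The mismatch described above can be modelled as follows. This is an added example, not code from the challenge or the original writeup. The server's real rules are not shown, so the `^/getflag` pattern, the front-controller behaviour and all function names are assumptions. It compares an auth check on the raw URL with one on the route the framework actually dispatches.

```python
import re

# Assumed rule set (hypothetical): the challenge's real configuration is unknown.
PROTECTED_URL = re.compile(r"^/getflag")   # auth rule matched against the raw request path
FRONT_CONTROLLER = "/index.php"            # script every request is rewritten to
PROTECTED_ROUTES = {"/getflag"}            # routes that must require authentication

def framework_route(path):
    """Route the front controller dispatches for a request path.

    If index.php is addressed directly, the remainder (PATH_INFO) is the
    route; otherwise the rewritten path itself is the route.
    """
    if path == FRONT_CONTROLLER or path.startswith(FRONT_CONTROLLER + "/"):
        path = path[len(FRONT_CONTROLLER):]
    return "/" + path.strip("/")

def weak_requires_auth(path):
    """Auth decision taken on the raw URL, as a prefix regex would make it."""
    return bool(PROTECTED_URL.match(path))

def hardened_requires_auth(path):
    """Auth decision taken on the normalized route, after front-controller handling."""
    return framework_route(path) in PROTECTED_ROUTES

def audit(paths):
    """Paths that reach a protected route while the URL regex asks for no auth."""
    return [p for p in paths
            if hardened_requires_auth(p) and not weak_requires_auth(p)]

# Constructed sample: the request paths mentioned in the writeup.
SAMPLE = ["/getflag", "/getflags", "/index.php", "/index.php/", "/index.php/getflag"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p:22} route={framework_route(p):10} "
              f"weak={weak_requires_auth(p)!s:5} hardened={hardened_requires_auth(p)}")
    print("unprotected aliases:", audit(SAMPLE))
```

Enforcing access control inside the application on the resolved route, or denying direct requests to the front controller with extra path information, removes the alias that the URL-pattern rule misses.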

[Original writeup](https://github.com/p4-team/ctf/tree/master/2017-09-17-ekoparty/my_first_app_web).