Codegate CTF 2018 Preliminary
rbSql
by vampire / Samurai
The challenge uses a custom 'serializing' algorithm.
It stores the length of an array/string in a single byte, while the allowed length is <= 256.
A length of 256 stored in a single byte becomes 0.
Enter an email of length 256: during storage its length is written as a '0' byte, and the email string itself is then used to parse the other fields.
Forge a credentials array inside the email.
Register with this email and simply log in to get the flag.
Original writeup (https://github.com/DhavalKapil/ctf-writeups/blob/master/codegate-2018/rbSql/exploit.php).
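
The one-byte length wrap described above, as an added example that is not part of the original writeup or the challenge's code: the record format, field names and sample values are constructed for illustration, and every helper name is hypothetical. It shows the off-by-one limit (`<= 256`) beside the corrected limit (`<= 255`).

```python
# Toy length-prefixed record format, constructed for this example.
MAX_LEN = 255  # largest value a single length byte can hold


def pack_str(s: bytes, limit: int) -> bytes:
    """Encode s as one length byte followed by the data."""
    if len(s) > limit:
        raise ValueError(f"field too long: {len(s)} > {limit}")
    # Writing the length into one byte keeps only the low 8 bits: 256 -> 0.
    return bytes([len(s) & 0xFF]) + s


def pack_record(fields, limit: int) -> bytes:
    return b"".join(pack_str(f, limit) for f in fields)


def unpack_record(blob: bytes, count: int):
    """Read `count` length-prefixed strings from the start of blob."""
    out, pos = [], 0
    for _ in range(count):
        n = blob[pos]
        out.append(blob[pos + 1:pos + 1 + n])
        pos += 1 + n
    return out


def make_sample_record():
    # Constructed input: a 256-byte email whose leading bytes are themselves
    # two packed strings, padded with "A" up to exactly 256 bytes.
    inner = pack_str(b"x@example.test", MAX_LEN) + pack_str(b"admin", MAX_LEN)
    email = inner + b"A" * (256 - len(inner))
    return [email, b"pwhash", b"user"]  # email, password hash, role


def weak_roundtrip(record):
    """Off-by-one limit (<= 256): the record no longer reads back as stored."""
    return unpack_record(pack_record(record, 256), len(record))


def strict_roundtrip(record):
    """Correct limit (<= 255): oversized fields are rejected before storage."""
    return unpack_record(pack_record(record, MAX_LEN), len(record))


if __name__ == "__main__":
    rec = make_sample_record()
    print(weak_roundtrip(rec))  # fields are read from inside the email
    try:
        strict_roundtrip(rec)
    except ValueError as exc:
        print("rejected:", exc)
```

A read-back comparison of the parsed record against the submitted fields at registration time would also catch this class of desynchronisation, independent of the length check.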