Web - 150 Points
So I got this douchy classmate that thinks he’s super cool. He created a math quiz software for our class in 10 minutes, and claims its super secure with protections and everything. We all hate him, and if you hack his code, we’re gonna love you! By the way, he told a friend of mine that he keeps his secrets among the quiz questions, but those questions are never used in the software.
Since we don’t have the source code or any indications of it, the first step is to try to cause the app to crash and give us error information.
The web application was so easy to crash that selecting the correct response will throw up this error message
Error 4: syntax error, unexpected '';' (T_ENCAPSED_AND_WHITESPACE) in /var/www/html/web/math-quiz/index.php(44) : eval()'d code on line 1
I was intercepting all the traffic with OWASP ZAP, so I find out there was an anchor in the error message that shows us the source code:
Anyway, selecting the answer create a new POST request to the server with the following parameters
The challenge’s text says that the flag was stored with the questions and I was thinking that the index was the Questions index.
I’ve changed that to “0” only for “sport” and the flag popped out :D
This wasn’t the intended way to get the flag, but a flag is a flag ;)