Speedrun 3
Description
Solution
- First, we enter the site and randomly fill in the input
- We then refresh it and see {"admin":false,"name":"asd"}
- We also note that a cookie named authtoken was created, with the value eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhZG1pbiI6ZmFsc2UsIm5hbWUiOiJhc2QifQ.i9II9riAxP5OSQrVDrRX2dOnNaJI_K4Vk9FED-ADuVs
- We play around with the cookie by deleting half of it, and are greeted with an error
- Fatal error: Uncaught UnexpectedValueException: Wrong number of segments in /var/www/html/index.php:84 Stack trace: #0 /var/www/html/index.php(531): Firebase\JWT\JWT::decode('eyJ0eXAiOiJKV1Q...', '82a59879a507', Array) #1 {main} thrown in /var/www/html/index.php on line 84
JWT
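- When we google "JWT decoder" we find an online decoder
- We find that the format for the call is JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); so the second argument is the key, and in the stack trace above that argument is 82a59879a507
- Hence, we input 82a59879a507 as the 256-bit-secret in the decoder
- Now the signature is verified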
Getting the flag
- We use the tool to change admin to true, and get eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhZG1pbiI6dHJ1ZSwibmFtZSI6ImFzZCJ9.YTbnlIIllCx5UyHp4N-M1f00hDl5erOGmq2V17N8RKg
Flag is:
- UDCTF{st00p1d_PHP_err0r_mess4ges}
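
As an added example (not part of the original write-up or of the challenge's code), this Python sketch reimplements the HS256 check with the standard library to show why the stack trace is the real break: the signature protects the claims only against someone who does not hold the key. The function names are assumptions of this example; the key and the two tokens are the ones quoted above.

```python
import base64, hashlib, hmac, json

# Values copied from the write-up above.
LEAKED_KEY = b"82a59879a507"  # second argument to JWT::decode in the stack trace
ORIGINAL = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
            "eyJhZG1pbiI6ZmFsc2UsIm5hbWUiOiJhc2QifQ."
            "i9II9riAxP5OSQrVDrRX2dOnNaJI_K4Vk9FED-ADuVs")
MODIFIED = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
            "eyJhZG1pbiI6dHJ1ZSwibmFtZSI6ImFzZCJ9."
            "YTbnlIIllCx5UyHp4N-M1f00hDl5erOGmq2V17N8RKg")

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def split_token(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        # The condition behind the "Wrong number of segments" error above.
        raise ValueError("Wrong number of segments")
    return parts

def claims(token: str) -> dict:
    # Claims are readable without any key; only the signature needs it.
    return json.loads(b64url_decode(split_token(token)[1]))

def hs256(signing_input: str, key: bytes) -> str:
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return b64url_encode(mac)

def verify(token: str, key: bytes) -> bool:
    header, payload, sig = split_token(token)
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return False
    return hmac.compare_digest(hs256(f"{header}.{payload}", key), sig)

if __name__ == "__main__":
    for name, tok in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(name, claims(tok), "verifies:", verify(tok, LEAKED_KEY))
    # Changed claims under the old signature: the check a server relies on.
    h, _, s = split_token(ORIGINAL)
    swapped = f"{h}.{split_token(MODIFIED)[1]}.{s}"
    print("swapped payload, old signature:", verify(swapped, LEAKED_KEY))
```

Because verification reduces to one HMAC under the key, the defence is on the error path: catch the decode exception and keep PHP's display_errors off so argument values are never rendered to the client.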