VirSecCon2020

PHPJuggler – #Virseccon2020

For this challenge, the initial start is pretty obvious, or at least I think so.

The first thing we see when we load the webpage is the image above, which contains two pieces of code. That's our first clue. The second clue is the name of the challenge. So let the research start. I will not go into detail and will just show you the solution; however, I will post links at the end of this post so you can read about it yourself and understand what it is and how it works.

When I do web challenges I like to examine the page. As I mentioned above, we have some code that we need to understand. The second thing is an input field with a submit button. My next step is usually to start Burp Suite and capture what I can.

For the input I picked a random value and captured the request. Now I have one more piece of information: I discovered that this is a POST request. I sent it to Repeater so I could test different combinations on the input field.

The combo that worked for me was adding “[]” to the parameter name, right before the equal sign. Send the POST request. Holy shit, now we can check the response window.

Look at that. The flag is there.
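Why the “[]” trick works, as an added example (this is not the challenge's own code, which the post only shows as an image): if the server compares the input with something like `strcmp($_POST['pass'], $secret) == 0`, sending `pass[]=...` makes PHP parse the parameter as an array; on PHP 7 and earlier strcmp() then returns NULL, and under loose comparison `NULL == 0` is true. The parameter name `pass`, the secret and the exact check are assumptions, and the hardened version beside it shows the fix.

```php
<?php
// Added example (not the challenge's code): a strcmp()-based check with
// loose comparison beside a hardened version, driven by constructed
// request bodies. SECRET and the parameter name "pass" are placeholders.

const SECRET = 'not-the-real-flag';   // constructed placeholder

// Vulnerable check: loose comparison. On PHP 7 and earlier, strcmp() with
// an array argument emits a warning and returns NULL, and NULL == 0 is true.
function vulnerable_check($input): bool
{
    try {
        return @strcmp($input, SECRET) == 0;
    } catch (TypeError $e) {
        return false;   // PHP 8 throws instead of returning NULL
    }
}

// Hardened check: reject anything that is not a string, then compare with
// hash_equals(), which is strict about types and constant-time.
function hardened_check($input): bool
{
    if (!is_string($input)) {
        return false;
    }
    return hash_equals(SECRET, $input);
}

// Constructed request bodies. parse_str() applies the same parsing PHP
// uses to build $_POST, so "pass[]=guess" yields $post['pass'] === ['guess'].
$bodies = [
    'pass=guess',     // ordinary string: both checks reject it
    'pass[]=guess',   // array: the loose check accepts it on PHP 7, the hardened one does not
];

foreach ($bodies as $body) {
    parse_str($body, $post);
    printf("%-14s vulnerable=%s hardened=%s\n",
        $body,
        var_export(vulnerable_check($post['pass']), true),
        var_export(hardened_check($post['pass']), true));
}
```

Run it with `php` on the command line; the second request body is the same thing Burp Repeater sends when “[]” is added before the equal sign.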

The flag for this challenge is:

The links I promised:

https://medium.com/@Q2hpY2tlblB3bnk/php-type-juggling-c34a10630b10
https://blog.0daylabs.com/2015/09/21/csaw-web-200-write-up/
https://www.geeksforgeeks.org/php-strcmp-function/
