Codegate 2013 Web 200 Writeup

In Web 200, the site presents a login form with two fields, ID and PS. The ID is an IP address.

login page

The source code of the site is available to us.

We can view the source of three files: login_ok.php, login.php and opt_util.php.

login.php source

The ID is the local IP address; the PS is the password we have to supply.

opt_util.php source

opt_util.php contains a single function.


The login check in login_ok.php first compares the submitted password with strcmp; if the comparison reports a match, it then checks whether the ID is the expected IP, and only then does it print the flag.

login_ok.php source


Reference: array parameter injection against the PHP function strcmp. If strcmp receives an array instead of a string, PHP 5.3 through 7.x emits a warning and returns NULL rather than an integer, and NULL == 0 is true under loose comparison. (PHP 8 instead throws a TypeError, so the trick no longer works there.) In short:

strcmp(str, array) == 0

I modified the parameters (ID= ps[]=adrian) and submitted the form.
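To show the mechanism behind the ps[]=adrian payload, here is an added example (my own code, not the challenge's login_ok.php, whose exact source is not reproduced on this page). It reconstructs the assumed strcmp-based check, feeds it the three kinds of input a login form can receive, and puts a hardened check beside it. The password value, the function names and the parameter shapes are placeholders chosen for the example.

```php
<?php
// Added example, not the challenge's code. $secret is a placeholder; the
// real Codegate password is not known from the writeup.
$secret = 'placeholder-password';

// Assumed shape of the vulnerable check in login_ok.php: a loose comparison
// of strcmp()'s result with 0. On PHP 5.3-7.x strcmp() with a non-string
// argument emits a warning and returns NULL, and NULL == 0 is true, so an
// array in $ps passes the check without knowing $secret.
function vulnerable_check($ps, $secret) {
    return strcmp($ps, $secret) == 0;
}

// Hardened check: refuse anything that is not a string, then compare with
// hash_equals() (PHP >= 5.6), which returns a strict bool and runs in
// constant time so the comparison does not leak how many bytes matched.
function hardened_check($ps, $secret) {
    if (!is_string($ps)) {
        return false;
    }
    return hash_equals($secret, $ps);
}

// Constructed request parameters as PHP decodes them into $_GET/$_POST:
//   ps=placeholder-password  -> string (correct password)
//   ps=wrong                 -> string (wrong password)
//   ps[]=adrian              -> array, which is what the writeup submits
$requests = [
    'legit'  => ['ps' => 'placeholder-password'],
    'wrong'  => ['ps' => 'wrong'],
    'attack' => ['ps' => ['adrian']],
];

foreach ($requests as $name => $params) {
    try {
        // @ hides the "expects parameter 1 to be string" warning on PHP 5.3-7.x
        $v = var_export(@vulnerable_check($params['ps'], $secret), true);
    } catch (TypeError $e) {
        // PHP >= 8: strcmp() rejects the array outright instead of returning NULL
        $v = 'TypeError';
    }
    $h = var_export(hardened_check($params['ps'], $secret), true);
    printf("%-6s vulnerable=%s hardened=%s\n", $name, $v, $h);
}
```

Run with php on a 5.3 to 7.4 interpreter and the attack row reports vulnerable=true while hardened=false: the array bypasses the strcmp check exactly as in the challenge, and the is_string gate plus hash_equals closes it. On PHP 8 the vulnerable row shows TypeError instead, which is a crash rather than a bypass, so type-checking user input before comparing it is still the right fix.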


Bingo! We get the flag!