TetCTF 19

Web - IQTest2 (unsolved) Pwn - Easy webserver (unsolved) Pwn - Babysandbox Pwn - Babyheap Pwn - Babyfirst Web IQTest2 After looking at the source code, there is a path that we can polute the $level variable to pass. It has to pass several condition check: if (isset($_COOKIE['saved']) && !empty($_COOKIE['saved']) && isset($_COOKIE['hash']) && !empty($_COOKIE['hash'])) { $saved = base64_decode($_COOKIE["saved"]); $seed = urldecode(substr($saved, 5 )); } if( md5($GLOBALS['secret'].

Read more